Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1560040
MD5: 825348bb7726434ff5305218f04085fa
SHA1: 40cc20d2ba108a48f72683b0d71f794be9e17617
SHA256: e81c2909d03fef18975ca6d55b02fc2625c91a7c7be7c6b7f3d6ef13f4f90fd1
Tags: exe, user-Bitsight

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 7656 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 825348BB7726434FF5305218F04085FA)
    • taskkill.exe (PID: 7672 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7816 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7880 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7944 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 8008 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 8016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 8072 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 8108 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 8124 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 6964 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {034be005-e21b-42d6-ae40-adf8cf9373bc} 8124 "\\.\pipe\gecko-crash-server-pipe.8124" 2468646f310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 2288 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3432 -parentBuildID 20230927232528 -prefsHandle 3672 -prefMapHandle 3576 -prefsLen 26147 -prefMapSize 238442 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24471866-1448-4f7f-b506-87d896a05d40} 8124 "\\.\pipe\gecko-crash-server-pipe.8124" 24686440e10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 1888 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4964 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4960 -prefMapHandle 4956 -prefsLen 33272 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebcf2430-b053-4cc0-a9c1-aa9f8cc737b8} 8124 "\\.\pipe\gecko-crash-server-pipe.8124" 24698888d10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: file.exe PID: 7656 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: file.exe | ReversingLabs: Detection: 31%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.1% probability
    Source: file.exe | Joe Sandbox ML: detected
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49718 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.8:49720 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49727 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.8:49732 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49740 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49741 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.8:49738 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49739 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49745 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49751 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.8:49752 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.8:49754 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49757 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49758 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.8:49759 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.8:49756 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49763 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49766 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49765 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49767 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49764 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49768 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49770 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.8:49769 version: TLS 1.2
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.1496650592.0000024693BDB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.1496650592.0000024693BDB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.1496650592.0000024693BDB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.1495671720.0000024693B83000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.1496650592.0000024693BDB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.1495671720.0000024693B83000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0016DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0016DBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0013C2A2 FindFirstFileExW,0_2_0013C2A2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_001768EE FindFirstFileW,FindClose,0_2_001768EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0017698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0017698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0016D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0016D076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0016D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0016D3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00179642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00179642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0017979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0017979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00179B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00179B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00175C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00175C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 183MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166
    Source: Joe Sandbox View | IP Address: 151.101.193.91
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0017CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0017CE44
    Source: global traffic | HTTP traffic detected:
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic | HTTP traffic detected:
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.1555877499.00000246A0295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1563785072.00000246A0295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1601570306.00000246A0295000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1555877499.00000246A0295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1563785072.00000246A0295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1517247554.00000246A22D7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1517247554.00000246A22D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1517247554.00000246A22CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1561762853.00000246A22D7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1555877499.00000246A0295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1563785072.00000246A0295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1589586529.00000246988A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1555877499.00000246A0295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1563785072.00000246A0295000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1517247554.00000246A22D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1517247554.00000246A22CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000002.2647975580.000002BF82803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2648703237.000002043C80C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000002.2647975580.000002BF82803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2648703237.000002043C80C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000012.00000002.2647975580.000002BF82803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2648703237.000002043C80C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1555877499.00000246A0295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1563785072.00000246A0295000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.comZ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1607611250.0000024696788000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1564891137.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1594498280.00000246988C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696B5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696BA9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
    Source: global trafficDNS traffic detected: DNS query: youtube.com
    Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
    Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: example.org
    Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
    Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: www.facebook.com
    Source: global trafficDNS traffic detected: DNS query: support.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: www.youtube.com
    Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global trafficDNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global trafficDNS traffic detected: DNS query: www.wikipedia.org
    Source: global trafficDNS traffic detected: DNS query: www.reddit.com
    Source: global trafficDNS traffic detected: DNS query: twitter.com
    Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.1606313406.0000024696B9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1589097976.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576941823.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1602446637.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1592428537.00000246984C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1565837670.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 0000000E.00000003.1604460081.00000246970F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
    Source: firefox.exe, 0000000E.00000003.1604460081.00000246970F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
    Source: firefox.exe, 0000000E.00000003.1604460081.00000246970F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
    Source: firefox.exe, 0000000E.00000003.1604460081.00000246970F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
    Source: firefox.exe, 0000000E.00000003.1488239176.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1483992860.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486455033.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487680598.0000024693B46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicer
    Source: firefox.exe, 0000000E.00000003.1487067308.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486261062.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 0000000E.00000003.1487067308.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1483992860.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: firefox.exe, 0000000E.00000003.1460871202.0000024697088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605705341.0000024697088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
    Source: firefox.exe, 0000000E.00000003.1460871202.0000024697088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605705341.0000024697088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
    Source: firefox.exe, 0000000E.00000003.1495476743.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1496314991.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1497089148.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000E.00000003.1487067308.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: firefox.exe, 0000000E.00000003.1487963007.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
    Source: firefox.exe, 0000000E.00000003.1460871202.0000024697088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605705341.0000024697088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.1488239176.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1483992860.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486455033.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487680598.0000024693B46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/Digi
    Source: firefox.exe, 0000000E.00000003.1487067308.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1483992860.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: firefox.exe, 0000000E.00000003.1487067308.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486261062.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 0000000E.00000003.1460871202.0000024697088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605705341.0000024697088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    Source: firefox.exe, 0000000E.00000003.1460871202.0000024697088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605705341.0000024697088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
    Source: firefox.exe, 0000000E.00000003.1487067308.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.1487963007.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: firefox.exe, 0000000E.00000003.1488239176.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1483992860.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486455033.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487680598.0000024693B46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-
    Source: firefox.exe, 0000000E.00000003.1495476743.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1496314991.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1497089148.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: firefox.exe, 0000000E.00000003.1487067308.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486261062.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: firefox.exe, 0000000E.00000003.1460871202.0000024697088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605705341.0000024697088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
    Source: firefox.exe, 0000000E.00000003.1488239176.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1495476743.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1496314991.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1483992860.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1497089148.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486455033.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487680598.0000024693B46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000E.00000003.1460871202.0000024697088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605705341.0000024697088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
    Source: firefox.exe, 0000000E.00000003.1598564925.0000024697865000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1598645114.0000024697861000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1592428537.0000024698479000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577242168.0000024699785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000E.00000003.1517247554.00000246A2291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
    Source: firefox.exe, 0000000E.00000003.1607441198.0000024696AEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000E.00000003.1576056703.00000246A2E4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1553320196.00000246A2E4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000E.00000003.1603465213.0000024697B81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576056703.00000246A2E4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1553320196.00000246A2E4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000E.00000003.1607611250.00000246967A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-04/schema#
    Source: firefox.exe, 0000000E.00000003.1607611250.00000246967A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-06/schema#
    Source: firefox.exe, 0000000E.00000003.1607611250.00000246967A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#-
    Source: firefox.exe, 0000000E.00000003.1607611250.00000246967A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1537989848.000002469772B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000E.00000003.1607611250.0000024696788000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
    Source: firefox.exe, 0000000E.00000003.1534325016.0000024699BEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1529741906.0000024697ED4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1570622293.0000024698918000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1568143251.00000246A2C88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1472039480.0000024698A0D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1542375914.0000024697E8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536880522.00000246973E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1540231353.0000024697EFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1529741906.0000024697EF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1532501084.0000024697EF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536880522.00000246973C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1534939581.000002469E325000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1551593843.00000246A2C90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1464894046.000002469E32A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1533708154.0000024699BEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1550991702.00000246974C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1611225640.00000246960A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1569727620.000002469895E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577242168.0000024699741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1442154544.00000246965D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1520952038.000002469E2A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 0000000E.00000003.1460871202.0000024697088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605705341.0000024697088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
    Source: firefox.exe, 0000000E.00000003.1487963007.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
    Source: firefox.exe, 0000000E.00000003.1488239176.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487067308.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1483992860.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486455033.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487680598.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486261062.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0C
    Source: firefox.exe, 0000000E.00000003.1488239176.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1495476743.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1496314991.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1483992860.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1497089148.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486455033.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487680598.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000E.00000003.1487067308.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
    Source: firefox.exe, 0000000E.00000003.1460871202.0000024697088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605705341.0000024697088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
    Source: firefox.exe, 0000000E.00000003.1488239176.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1495476743.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1496314991.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1483992860.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1497089148.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486455033.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487680598.0000024693B46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000E.00000003.1611685552.00000246A33B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 0000000E.00000003.1604460081.00000246970F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
    Source: firefox.exe, 0000000E.00000003.1603252839.0000024697D85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1609942717.000002469662B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1561474589.00000246A23E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1592340019.0000024698686000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1609596904.000002469666D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1609996509.00000246964EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1592070075.00000246986BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 0000000E.00000003.1609942717.000002469662B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
    Source: mozilla-temp-41.14.drString found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000E.00000003.1460871202.0000024697088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605705341.0000024697088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.1460871202.0000024697088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605705341.0000024697088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000E.00000003.1604460081.00000246970E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 0000000E.00000003.1433476844.000002469613C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1429914816.0000024695F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433790561.000002469615A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1432573465.000002469611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433988921.0000024696177000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000E.00000003.1577242168.000002469975C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000E.00000003.1520400620.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1564688595.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1585398999.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000E.00000003.1607611250.000002469674B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/feeds.section.highlights.optionsemptyStringForBooleanAttribute_$reparen
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000E.00000003.1564502131.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556421772.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.comK
    Source: file.exe, 00000000.00000002.1453265843.0000000001158000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1549204558.00000246A2862000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1491401762.00000246A28DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576056703.00000246A2E4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1547066203.00000246A28DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1551961200.00000246A28DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1544164569.00000246A28DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1553320196.00000246A2E4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1547635439.00000246A285F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000E.00000003.1610614385.00000246949DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org
    Source: firefox.exe, 0000000E.00000003.1520496096.000002469E5B6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000E.00000003.1564891137.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000E.00000003.1564891137.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000E.00000003.1564891137.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000E.00000003.1564891137.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000E.00000003.1564891137.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000E.00000003.1594498280.00000246988C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696B5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696BA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696BBE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://amazon.com
    Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://amazon.comZ
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 0000000E.00000003.1602035114.000002469EB8A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000E.00000003.1589097976.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576941823.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1602446637.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1580245574.000002469887C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1565837670.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1578415943.0000024699713000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1594498280.0000024698883000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1589586529.000002469887C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000010.00000002.2649359792.0000018D067CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF828E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2651732076.000002043CB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
    Source: firefox.exe, 00000010.00000002.2649359792.0000018D067CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF828E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2651732076.000002043CB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
    Source: firefox.exe, 0000000E.00000003.1593480552.000002469819D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000E.00000003.1475110965.000002469E4F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1475938707.000002469E4DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000E.00000003.1475110965.000002469E4F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1475938707.000002469E4DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000E.00000003.1475938707.000002469E4DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000E.00000003.1569727620.000002469895E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 0000000E.00000003.1475110965.000002469E4F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1475938707.000002469E4DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1475110965.000002469E4F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000E.00000003.1475110965.000002469E4F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1475938707.000002469E4DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000E.00000003.1433476844.000002469613C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1429914816.0000024695F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433790561.000002469615A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1432573465.000002469611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433988921.0000024696177000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://content-signature-2.cdn.mozilla.net
    Source: firefox.exe, 0000000E.00000003.1596982944.0000024697AAE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.1596982944.0000024697A7F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000010.00000002.2649359792.0000018D067CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF828E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2651732076.000002043CB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
    Source: firefox.exe, 00000010.00000002.2649359792.0000018D067CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF828E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2651732076.000002043CB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000E.00000003.1520496096.000002469E5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557634192.000002469E5A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588697493.000002469E5A9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.1532501084.0000024697EF5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000E.00000003.1433476844.000002469613C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1438362614.000002469628A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1429914816.0000024695F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1595723702.0000024697D76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433790561.000002469615A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1603252839.0000024697D76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1532501084.0000024697E54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1432573465.000002469611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433988921.0000024696177000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/?Z
    Source: firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/y
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1435941926.0000024695D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436436845.0000024695D16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436644136.0000024695D33000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1435941926.0000024695D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436436845.0000024695D16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436644136.0000024695D33000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 0000000E.00000003.1564502131.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556421772.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF82812000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2648703237.000002043C813000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.1467266307.0000024697782000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
    Source: firefox.exe, 0000000E.00000003.1467266307.0000024697782000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467400789.000002469778A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465550214.0000024697745000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000E.00000003.1553320196.00000246A2E4F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.1553320196.00000246A2E4F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.1563785072.00000246A024D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 0000000E.00000003.1575607790.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1580245574.000002469887C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560462337.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1552321699.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1516374850.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1597518044.0000024697A50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1594498280.0000024698883000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1589586529.000002469887C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?colle
    Source: firefox.exe, 0000000E.00000003.1520496096.000002469E5B6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://fpn.firefox.com/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000000E.00000003.1564502131.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556421772.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF82812000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2648703237.000002043C813000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000013.00000002.2648703237.000002043C8C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000013.00000002.2648703237.000002043C8C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000012.00000002.2647975580.000002BF8282F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2648703237.000002043C830000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabgetHardcodedLayout/
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 00000013.00000002.2648703237.000002043C8C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000E.00000003.1564502131.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556421772.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabgetHardcodedLayout/
    Source: firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabbrowser.newtabpage.activity-stream.feeds.topsi
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
    Source: firefox.exe, 00000013.00000002.2648703237.000002043C8C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000E.00000003.1564502131.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556421772.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000E.00000003.1564502131.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556421772.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000E.00000003.1564502131.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556421772.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E325000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1464894046.000002469E325000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1464402037.000002469E325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E325000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1464894046.000002469E325000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1464402037.000002469E325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
    Source: firefox.exe, 0000000E.00000003.1433476844.000002469613C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1429914816.0000024695F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433790561.000002469615A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1432573465.000002469611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433988921.0000024696177000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000E.00000003.1555877499.00000246A0256000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1519447148.00000246A0256000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1593984700.00000246A025D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 0000000E.00000003.1564502131.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556421772.000002469FBB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 0000000E.00000003.1476071059.000002469E461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1595411483.0000024697DD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 0000000E.00000003.1564753980.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556542847.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1520400620.000002469EBA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
    Source: firefox.exe, 0000000E.00000003.1585500036.000002469E618000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1565144454.000002469E617000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
    Source: firefox.exe, 0000000E.00000003.1564753980.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556542847.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1520400620.000002469EBA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/H
    Source: firefox.exe, 0000000E.00000003.1564753980.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556542847.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1520400620.000002469EBA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
    Source: firefox.exe, 0000000E.00000003.1564753980.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556542847.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1520400620.000002469EBA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
    Source: firefox.exe, 0000000E.00000003.1564753980.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556542847.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1520400620.000002469EBA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.14.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 0000000E.00000003.1579970742.00000246988C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 00000012.00000002.2652696134.000002BF83304000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2648703237.000002043C8F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000E.00000003.1564891137.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/76cf1cac-267b-4bdd-a979-af76d
    Source: firefox.exe, 0000000E.00000003.1516374850.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1597518044.0000024697A50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/3026813b-3a35-4f80-
    Source: firefox.exe, 0000000E.00000003.1597518044.0000024697A50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/4229bcfa-c480-4dfc-87e8-c406
    Source: firefox.exe, 0000000E.00000003.1575607790.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560462337.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1552321699.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1516374850.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/011f6be4-2474-477f
    Source: firefox.exe, 0000000E.00000003.1575607790.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560462337.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1552321699.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1516374850.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/48d51cfd-a3cd-4768
    Source: firefox.exe, 0000000E.00000003.1575607790.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560462337.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1552321699.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1516374850.00000246A2EA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/f1f48725-1fb3-45f8
    Source: firefox.exe, 0000000E.00000003.1564502131.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556421772.000002469FBB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 0000000E.00000003.1607611250.00000246967A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema.
    Source: firefox.exe, 0000000E.00000003.1607611250.00000246967A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema./
    Source: firefox.exe, 0000000E.00000003.1607611250.00000246967A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/
    Source: firefox.exe, 0000000E.00000003.1607611250.00000246967A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
    Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
    Source: firefox.exe, 0000000E.00000003.1607611250.00000246967EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
    Source: firefox.exe, 0000000E.00000003.1460871202.000002469704C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
    Source: firefox.exe, 0000000E.00000003.1577242168.000002469975C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
    Source: firefox.exe, 0000000E.00000003.1577242168.000002469975C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
    Source: firefox.exe, 0000000E.00000003.1594220124.000002469EB78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1435941926.0000024695D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436436845.0000024695D16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436644136.0000024695D33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1435941926.0000024695D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436436845.0000024695D16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436644136.0000024695D33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1435941926.0000024695D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436436845.0000024695D16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436644136.0000024695D33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
    Source: firefox.exe, 0000000E.00000003.1551593843.00000246A2C9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/
    Source: firefox.exe, 0000000E.00000003.1551593843.00000246A2C9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
    Source: firefox.exe, 0000000E.00000003.1551593843.00000246A2C9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-escapes#single
    Source: firefox.exe, 00000013.00000002.2648703237.000002043C887000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.1610614385.00000246949B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
    Source: firefox.exe, 0000000E.00000003.1520496096.000002469E5B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 0000000E.00000003.1551593843.00000246A2C9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mths.be/jsesc
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1435941926.0000024695D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436436845.0000024695D16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436644136.0000024695D33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1435941926.0000024695D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436436845.0000024695D16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1436644136.0000024695D33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694986000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000E.00000003.1610614385.0000024694971000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
    Source: firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.1596982944.0000024697AAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.1556421772.000002469FBB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 0000000E.00000003.1580245574.000002469887C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1594498280.0000024698883000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1589586529.000002469887C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 0000000E.00000003.1589097976.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576941823.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1602446637.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1565837670.000002469A192000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000E.00000003.1596982944.0000024697A88000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000E.00000003.1589097976.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576941823.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1602446637.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1565837670.000002469A192000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000E.00000003.1589097976.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576941823.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1602446637.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1565837670.000002469A192000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000000E.00000003.1610614385.00000246949B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 0000000E.00000003.1433988921.0000024696177000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1610614385.000002469499C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000000E.00000003.1532501084.0000024697EF5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000E.00000003.1564891137.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000E.00000003.1609596904.00000246966D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.1596644059.0000024697BA9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000E.00000003.1603465213.0000024697B4E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1596644059.0000024697BA3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000E.00000003.1607611250.00000246967F6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 0000000E.00000003.1607611250.00000246967F6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000000E.00000003.1520668017.000002469E2EF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 0000000E.00000003.1561762853.00000246A22CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF82812000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2648703237.000002043C813000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000000E.00000003.1561762853.00000246A22CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000012.00000002.2647975580.000002BF8285F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2652696134.000002BF83304000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2648703237.000002043C8F6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000013.00000002.2648703237.000002043C8F6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/userp
Source: firefox.exe, 0000000E.00000003.1603465213.0000024697B81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696BBE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 0000000E.00000003.1603465213.0000024697B81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696B5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696BA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696BBE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 0000000E.00000003.1610614385.00000246949B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000000E.00000003.1520496096.000002469E5B6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000000E.00000003.1564891137.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1591842523.00000246986FB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E222000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 0000000E.00000003.1596779009.0000024697AE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000000E.00000003.1532397064.0000024698CB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1530906489.0000024698CB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 0000000E.00000003.1577242168.0000024699785000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 0000000E.00000003.1596779009.0000024697AE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000000E.00000003.1610614385.00000246949DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 0000000E.00000003.1520496096.000002469E5B6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://truecolors.firefox.com/
Source: firefox.exe, 0000000E.00000003.1516517310.00000246A2D88000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://twitter.com/Z
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000000E.00000003.1596217735.0000024697D46000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000000E.00000003.1564502131.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556421772.000002469FBB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 0000000E.00000003.1561762853.00000246A22CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000010.00000002.2649359792.0000018D067CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF828E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2651732076.000002043CB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/Z
Source: firefox.exe, 0000000E.00000003.1433476844.000002469613C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1429914816.0000024695F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1595723702.0000024697D76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433790561.000002469615A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1603252839.0000024697D76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1532501084.0000024697E54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1432573465.000002469611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1596598438.0000024697D21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433988921.0000024696177000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 0000000E.00000003.1487067308.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486806563.0000024693B46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1487549834.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1486261062.0000024693B59000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000000E.00000003.1433476844.000002469613C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1429914816.0000024695F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433790561.000002469615A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1432573465.000002469611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433988921.0000024696177000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/complete/searchcb8e7210-9f0b-48fa-8708-b9a03df79eeacbe309e0-f638-4996-9dfc-ea
Source: firefox.exe, 0000000E.00000003.1520668017.000002469E2EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433988921.0000024696177000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000000E.00000003.1595364107.0000024697DD4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000010.00000002.2649359792.0000018D067CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF828E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2651732076.000002043CB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 0000000E.00000003.1595723702.0000024697D76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1603252839.0000024697D76000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 0000000E.00000003.1607611250.0000024696727000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1607611250.0000024696788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1607611250.0000024696781000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1607611250.0000024696785000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000E.00000003.1520496096.000002469E5B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1604460081.00000246970C6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 0000000E.00000003.1596779009.0000024697AE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
    Source: firefox.exe, 0000000E.00000003.1467266307.0000024697782000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467400789.000002469778A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465550214.0000024697745000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000E.00000003.1564891137.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: firefox.exe, 0000000E.00000003.1596779009.0000024697AE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
    Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
    Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
    Source: firefox.exe, 0000000E.00000003.1596779009.0000024697AE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000E.00000003.1564891137.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000013.00000002.2648703237.000002043C8F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000010.00000002.2649359792.0000018D067CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/N
    Source: firefox.exe, 0000000E.00000003.1607532232.0000024696A66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 0000000E.00000003.1596779009.0000024697AE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000000E.00000003.1577242168.000002469974D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000E.00000003.1516517310.00000246A2D88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/Z
    Source: firefox.exe, 0000000E.00000003.1596217735.0000024697D46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
    Source: firefox.exe, 0000000E.00000003.1555877499.00000246A0295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1563785072.00000246A0295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1601570306.00000246A0295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1593697354.00000246A0295000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 0000000E.00000003.1516517310.00000246A2D88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF82803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2648703237.000002043C80C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/Z
    Source: firefox.exe, 0000000E.00000003.1592114157.00000246986B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1590923511.000002469883E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1596982944.0000024697A7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000E.00000003.1592428537.0000024698465000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1458824734.000002469E275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588896767.000002469E275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557790228.000002469E275000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.14.drString found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000012.00000002.2651482814.000002BF82970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.co
    Source: firefox.exe, 00000013.00000002.2651232439.000002043C970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.co&
    Source: firefox.exe, 0000000E.00000003.1553320196.00000246A2E4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1549137886.00000246A2896000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2651856446.0000018D06844000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2648081591.0000018D064EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2648081591.0000018D064E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2651482814.000002BF82974000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647347792.000002BF826A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647347792.000002BF826AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2647698327.000002043C4E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2651232439.000002043C974000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2647698327.000002043C4EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000C.00000002.1418927848.000001D9B215A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1424824637.000001AE6A419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000010.00000002.2651856446.0000018D06844000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2648081591.0000018D064E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2651482814.000002BF82974000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647347792.000002BF826A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2647698327.000002043C4E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2651232439.000002043C974000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.comZ
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0017EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0017ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0016AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00199576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

    System Summary

    Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000002BF82E140B7 NtQuerySystemInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000002BF82E38532 NtQuerySystemInformation
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0016D5EB CreateFileW,DeviceIoControl,CloseHandle
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00161201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0016E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_000002BF82E38C5C18_2_000002BF82E38C5C
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00120A30 appears 46 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0011F9F2 appears 40 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00109CB3 appears 31 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal72.troj.evad.winEXE@34/34@69/12
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001737B5 GetLastError,FormatMessageW,0_2_001737B5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001610BF AdjustTokenPrivileges,CloseHandle,0_2_001610BF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001616C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_001616C3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001751CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_001751CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0016D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0016D4DC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0017648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0017648E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001042A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_001042A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246Jump to behavior
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8016:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7952:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7888:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7680:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7824:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefoxJump to behavior
    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000E.00000003.1520400620.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1519447148.00000246A0244000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1564688595.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1555877499.00000246A024D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1585398999.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1563785072.00000246A024D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000E.00000003.1520400620.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1564688595.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1585398999.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000E.00000003.1520400620.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1564688595.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1585398999.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000E.00000003.1520400620.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1564688595.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1585398999.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000E.00000003.1519447148.00000246A027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1563785072.00000246A027C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1555877499.00000246A027C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;
    Source: firefox.exe, 0000000E.00000003.1520400620.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1564688595.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1585398999.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000E.00000003.1520400620.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1564688595.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1585398999.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000E.00000003.1520400620.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1564688595.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1585398999.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000E.00000003.1520400620.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1564688595.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1585398999.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000E.00000003.1520400620.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1564688595.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1585398999.000002469EBEB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: file.exe | ReversingLabs: Detection: 31%
    Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {034be005-e21b-42d6-ae40-adf8cf9373bc} 8124 "\\.\pipe\gecko-crash-server-pipe.8124" 2468646f310 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3432 -parentBuildID 20230927232528 -prefsHandle 3672 -prefMapHandle 3576 -prefsLen 26147 -prefMapSize 238442 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24471866-1448-4f7f-b506-87d896a05d40} 8124 "\\.\pipe\gecko-crash-server-pipe.8124" 24686440e10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4964 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4960 -prefMapHandle 4956 -prefsLen 33272 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebcf2430-b053-4cc0-a9c1-aa9f8cc737b8} 8124 "\\.\pipe\gecko-crash-server-pipe.8124" 24698888d10 utility
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.1496650592.0000024693BDB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.1496650592.0000024693BDB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.1496650592.0000024693BDB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.1495671720.0000024693B83000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.1496650592.0000024693BDB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.1495671720.0000024693B83000.00000004.00000020.00020000.00000000.sdmp
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_001042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
    Source: gmpopenh264.dll.tmp.14.dr | Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00120A76 push ecx; ret 0_2_00120A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0011F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00191C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
    Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_0-97856)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000002BF82E140B7 rdtsc
    Source: C:\Users\user\Desktop\file.exe | API coverage: 3.7 %
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0016DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0013C2A2 FindFirstFileExW
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_001768EE FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0017698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0016D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0016D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00179642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0017979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00179B2B FindFirstFileW,Sleep,FindNextFileW,FindClose
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00175C97 FindFirstFileW,FindNextFileW,FindClose
    Source: firefox.exe, 00000010.00000002.2652699422.0000018D06A00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.
    Source: firefox.exe, 00000010.00000002.2648081591.0000018D064EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
    Source: firefox.exe, 00000010.00000002.2648081591.0000018D064EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
    Source: firefox.exe, 00000012.00000002.2647347792.000002BF826AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2651552245.000002043C980000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2647698327.000002043C4EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000010.00000002.2652248564.0000018D06914000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000012.00000002.2652479429.000002BF82E70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWk
    Source: firefox.exe, 00000010.00000002.2652699422.0000018D06A00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2652479429.000002BF82E70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_000002BF82E140B7 rdtsc 18_2_000002BF82E140B7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0017EAA2 BlockInput,0_2_0017EAA2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00132622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00132622
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001042DE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00124CE8 mov eax, dword ptr fs:[00000030h]0_2_00124CE8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00160B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00160B62
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00132622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00132622
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0012083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0012083F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001209D5 SetUnhandledExceptionFilter,0_2_001209D5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00120C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00120C21
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00161201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00161201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00142BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00142BA5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0016B226 SendInput,keybd_event,0_2_0016B226
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001822DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_001822DA
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00160B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00160B62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00161663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00161663
    Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exeBinary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000E.00000003.1487425771.00000246A2401000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00120698 cpuid 0_2_00120698
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00178195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00178195
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0015D27A GetUserNameW,0_2_0015D27A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0013B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_0013B952
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001042DE

    Stealing of Sensitive Information

    Source: Yara match | File source: Process Memory Space: file.exe PID: 7656, type: MEMORYSTR
    Source: file.exe | Binary or memory string: WIN_81
    Source: file.exe | Binary or memory string: WIN_XP
    Source: file.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exe | Binary or memory string: WIN_XPe
    Source: file.exe | Binary or memory string: WIN_VISTA
    Source: file.exe | Binary or memory string: WIN_7
    Source: file.exe | Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match | File source: Process Memory Space: file.exe PID: 7656, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00181204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket | 0_2_00181204
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00181806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket | 0_2_00181806
    ATT&CK matrix, listed per tactic column (numbers in parentheses are the counts shown beside a technique in the original matrix):

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
    Initial Access: Valid Accounts (2); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
    Execution: Windows Management Instrumentation (1); Native API (1); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
    Persistence: DLL Side-Loading (1); Valid Accounts (2); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
    Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Extra Window Memory Injection (1); Valid Accounts (2); Access Token Manipulation (21); Process Injection (2); Startup Items; Scheduled Task/Job; At; Cron
    Defense Evasion: Disable or Modify Tools (2); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Extra Window Memory Injection (1); Masquerading (1); Valid Accounts (2); Virtualization/Sandbox Evasion (1); Access Token Manipulation (21); Process Injection (2)
    Credential Access: Input Capture (21); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
    Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (16); Security Software Discovery (131); Virtualization/Sandbox Evasion (1); Process Discovery (3); Application Window Discovery (1); System Owner/User Discovery (1); Network Service Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
    Collection: Archive Collected Data (1); Input Capture (21); Clipboard Data (3); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
    Command and Control: Ingress Tool Transfer (2); Encrypted Channel (12); Non-Application Layer Protocol (2); Application Layer Protocol (3); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
    Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    Behavior Graph ID: 1560040 | Sample: file.exe | Startdate: 21/11/2024 | Architecture: WINDOWS | Score: 72
    Start (node 2): DNS/IP: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains. Signatures: Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; Binary is likely a compiled AutoIt script file; 2 other signatures. Started: file.exe (node 8); firefox.exe 1 (node 11).
    file.exe (node 8): Signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection. Started: taskkill.exe 1 (node 13); taskkill.exe 1 (node 15); taskkill.exe 1 (node 17); 3 other processes (node 23).
    firefox.exe 1 (node 11): Started: firefox.exe 3 223 (node 19).
    taskkill.exe (node 13): Started: conhost.exe (node 25). taskkill.exe (node 15): Started: conhost.exe (node 27). taskkill.exe (node 17): Started: conhost.exe (node 29).
    firefox.exe 3 223 (node 19): DNS/IP: youtube.com 142.250.184.206, 443, 49713, 49714 GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49716, 49730, 49731 GOOGLEUS United States; 10 other IPs or domains. Dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+; C:\Users\user\...\gmpopenh264.dll (copy), PE32+. Started: firefox.exe 1 (node 31); firefox.exe 1 (node 33); firefox.exe 1 (node 35).
    3 other processes (node 23): Started: conhost.exe (node 37); conhost.exe (node 39).

    Source | Detection | Scanner | Label | Link
    file.exe | 32% | ReversingLabs | Win32.Trojan.AutoitInject |
    file.exe | 100% | Joe Sandbox ML | |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    example.org | 93.184.215.14 | true | false | | high
    star-mini.c10r.facebook.com | 157.240.251.35 | true | false | | high
    prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | high
    prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | high
    twitter.com | 104.244.42.65 | true | false | | high
    prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | high
    services.addons.mozilla.org | 151.101.193.91 | true | false | | high
    dyna.wikimedia.org | 185.15.59.224 | true | false | | high
    prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | high
    contile.services.mozilla.com | 34.117.188.166 | true | false | | high
    youtube.com | 142.250.184.206 | true | false | | high
    prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | | high
    youtube-ui.l.google.com | 172.217.16.206 | true | false | | high
    us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | | high
    reddit.map.fastly.net | 151.101.129.140 | true | false | | high
    ipv4only.arpa | 192.0.0.171 | true | false | | high
    prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | | high
    push.services.mozilla.com | 34.107.243.93 | true | false | | high
    normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | | high
    telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | high
    www.reddit.com | unknown | unknown | false | | high
    spocs.getpocket.com | unknown | unknown | false | | high
    content-signature-2.cdn.mozilla.net | unknown | unknown | false | | high
    support.mozilla.org | unknown | unknown | false | | high
    firefox.settings.services.mozilla.com | unknown | unknown | false | | high
    www.youtube.com | unknown | unknown | false | | high
    www.facebook.com | unknown | unknown | false | | high
    detectportal.firefox.com | unknown | unknown | false | | high
    normandy.cdn.mozilla.net | unknown | unknown | false | | high
    shavar.services.mozilla.com | unknown | unknown | false | | high
    www.wikipedia.org | unknown | unknown | false | | high
    Name | Source | Malicious | Antivirus Detection | Reputation
    https://youtube.comZ | firefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 00000013.00000002.2648703237.000002043C8C8000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://detectportal.firefox.com/ | firefox.exe, 0000000E.00000003.1517247554.00000246A2291000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://datastudio.google.com/embed/reporting/ | firefox.exe, 0000000E.00000003.1520496096.000002469E5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557634192.000002469E5A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588697493.000002469E5A9000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://www.mozilla.com0 | gmpopenh264.dll.tmp.14.dr | false | | high
    https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl | firefox.exe, 0000000E.00000003.1534939581.000002469E346000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000013.00000002.2648703237.000002043C887000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://json-schema.org/draft/2019-09/schema. | firefox.exe, 0000000E.00000003.1607611250.00000246967A4000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://www.leboncoin.fr/ | firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1464308248.0000024696F67000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://spocs.getpocket.com/spocs | firefox.exe, 0000000E.00000003.1561762853.00000246A22CE000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill | firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://screenshots.firefox.com | firefox.exe, 0000000E.00000003.1610614385.00000246949B9000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://mathiasbynens.be/notes/javascript-escapes#single | firefox.exe, 0000000E.00000003.1551593843.00000246A2C9B000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://shavar.services.mozilla.com | firefox.exe, 0000000E.00000003.1609596904.00000246966D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://completion.amazon.com/search/complete?q= | firefox.exe, 0000000E.00000003.1433476844.000002469613C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1429914816.0000024695F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433790561.000002469615A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1432573465.000002469611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433988921.0000024696177000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://ads.stickyadstv.com/firefox-etp | firefox.exe, 0000000E.00000003.1594498280.00000246988C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696B5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696BA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696BBE000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://identity.mozilla.com/ids/ecosystem_telemetryU | firefox.exe, 0000000E.00000003.1564753980.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556542847.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1520400620.000002469EBA1000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://monitor.firefox.com/breach-details/ | firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://www.amazon.com/exec/obidos/external-search/ | firefox.exe, 0000000E.00000003.1433476844.000002469613C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1429914816.0000024695F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1595723702.0000024697D76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433790561.000002469615A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1603252839.0000024697D76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1532501084.0000024697E54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1432573465.000002469611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1596598438.0000024697D21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433988921.0000024696177000.00000004.00000800.00020000.00000000.sdmp | false |
                                                                                                                    high
                                                                                                                    https://profiler.firefox.com/firefox.exe, 0000000E.00000003.1610614385.0000024694971000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://www.msn.comfirefox.exe, 0000000E.00000003.1577242168.000002469974D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000E.00000003.1433476844.000002469613C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1429914816.0000024695F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433790561.000002469615A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1432573465.000002469611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1433988921.0000024696177000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://youtube.com/firefox.exe, 0000000E.00000003.1592428537.0000024698465000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1458824734.000002469E275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588896767.000002469E275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557790228.000002469E275000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://content-signature-2.cdn.mozilla.net/firefox.exe, 0000000E.00000003.1596982944.0000024697AAE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://json-schema.org/draft/2020-12/schema/=firefox.exe, 0000000E.00000003.1607611250.00000246967A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://api.accounts.firefox.com/v1firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6lfirefox.exe, 0000000E.00000003.1596779009.0000024697AE8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.amazon.com/firefox.exe, 0000000E.00000003.1561762853.00000246A22CE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://ocsp.rootca1.amazontrust.com0:firefox.exe, 0000000E.00000003.1460871202.0000024697088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605705341.0000024697088000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.firefox.exe, 00000010.00000002.2649359792.0000018D067CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF828E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2651732076.000002043CB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://www.youtube.com/firefox.exe, 0000000E.00000003.1516517310.00000246A2D88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF82803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2648703237.000002043C80C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://MD8.mozilla.org/1/mfirefox.exe, 0000000E.00000003.1604460081.00000246970E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://www.bbc.co.uk/firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.1564891137.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1556958224.000002469E67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588599819.000002469E67A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000013.00000002.2648703237.000002043C8C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://127.0.0.1:firefox.exe, 0000000E.00000003.1606313406.0000024696B9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1589097976.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576941823.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1602446637.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1592428537.00000246984C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1565837670.000002469A192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000E.00000003.1475110965.000002469E4F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1475938707.000002469E4DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.1532501084.0000024697EF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://bugzilla.mofirefox.exe, 0000000E.00000003.1593480552.000002469819D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://amazon.comfirefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000E.00000003.1603465213.0000024697B81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1606313406.0000024696BBE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://shavar.services.mozilla.com/firefox.exe, 0000000E.00000003.1596644059.0000024697BA9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgfirefox.exe, 00000010.00000002.2649359792.0000018D067CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF828E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2651732076.000002043CB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://spocs.getpocket.com/firefox.exe, 0000000E.00000003.1561762853.00000246A22CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2647975580.000002BF82812000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2648703237.000002043C813000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://www.iqiyi.com/firefox.exe, 0000000E.00000003.1557790228.000002469E222000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576744919.000002469E236000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://youtube.com/account?=https://accounts.google.cofirefox.exe, 00000012.00000002.2651482814.000002BF82970000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.2648993309.0000018D06560000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2651181783.000002BF82920000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2648284518.000002043C630000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://www.amazon.com/Zfirefox.exe, 0000000E.00000003.1568468826.0000064624E03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                                                                                          IP
                                                                                                                                                                                                                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1560040
Start date and time: 2024-11-21 10:37:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 24
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@34/34@69/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 40
• Number of non-executed functions: 313
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.12.64.98, 35.164.125.63, 35.80.238.59, 142.250.185.234, 142.250.185.202, 2.22.61.59, 2.22.61.56, 172.217.18.110, 172.217.16.142
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: file.exe
Time | Type | Description
04:38:09 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.193.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      twitter.comfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                      star-mini.c10r.facebook.comfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.0.35
| Match (ASN) | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| GOOGLE-AS-AP Google Asia Pacific Pte Ltd, SG | file.exe | malicious | Credential Flusher | 34.117.188.166 |
| | file.exe | malicious | Clipboard Hijacker, Cryptbot | 34.116.198.130 |
| | file.exe | malicious | Credential Flusher | 34.117.188.166 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 34.116.198.130 |
| | file.exe | malicious | Credential Flusher | 34.117.188.166 |
| | file.exe | malicious | Credential Flusher | 34.117.188.166 |
| | file.exe | malicious | Clipboard Hijacker, Cryptbot | 34.116.198.130 |
| | https://fxwf9-53194.portmap.io:53194/?x=sb232111 | malicious | Unknown | 34.117.59.81 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 34.116.198.130 |
| | file.exe | malicious | Credential Flusher | 34.117.188.166 |
| FASTLY, US | https://cabinetstogollc-my.sharepoint.com/:b:/g/personal/store802_cabinetstogo_com/EYepBlB4QExJsG0U-4jKG4ABoZxLg7rdp0_zjjwabbUc1g?e=q4iRIE&com.microsoft.intune.mam.appmdmmgtstate=2&com.microsoft.intune.mam.policysource=2&com.microsoft.intune.mam.identity=mcle%40novozymes.com&com.microsoft.intune.mam.policy=1&com.micro | malicious | Unknown | 151.101.66.137 |
| | file.exe | malicious | Credential Flusher | 151.101.129.91 |
| | file.exe | malicious | Credential Flusher | 151.101.1.91 |
| | +11375 Caller left Vc MsG 8b1538917f01661e6746a0528d545dbeac3b40a5- 73945.msg | malicious | HtmlDropper | 151.101.194.137 |
| | file.exe | malicious | Credential Flusher | 151.101.193.91 |
| | file.exe | malicious | Credential Flusher | 151.101.65.91 |
| | Secured Audlo_secpod.com_1524702658.html | malicious | Unknown | 151.101.2.137 |
| | file.exe | malicious | Credential Flusher | 151.101.65.91 |
| | file.exe | malicious | Credential Flusher | 151.101.65.91 |
| | file.exe | malicious | Credential Flusher | 151.101.65.91 |
| ATGS-MMD-AS, US | file.exe | malicious | Credential Flusher | 34.160.144.191 |
| | file.exe | malicious | Credential Flusher | 34.160.144.191 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 34.160.144.191 |
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      https://ollama.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.36.133.15
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      ArchivoNuevo.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.128.163.126
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      ATGS-MMD-ASUSfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      https://ollama.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.36.133.15
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      ArchivoNuevo.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.128.163.126
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                      • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
Match    Associated Sample Name / URL    SHA 256    Detection    Threat Name    Link    Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    file.exe    malicious    Credential Flusher
    file.exe    malicious    Credential Flusher
    file.exe    malicious    Credential Flusher
    file.exe    malicious    Credential Flusher
    file.exe    malicious    Credential Flusher
    file.exe    malicious    Credential Flusher
    file.exe    malicious    Credential Flusher
    file.exe    malicious    Credential Flusher
    file.exe    malicious    Credential Flusher
    file.exe    malicious    Credential Flusher
Process:        C:\Program Files\Mozilla Firefox\firefox.exe
File Type:      JSON data
Category:       dropped
Size (bytes):   8056
Entropy (8bit): 5.182961972096322
Encrypted:      false
SSDEEP:         192:5F99wMX6kvcbhbVbTbfbRbObtbyEl7n0rdJA6unSrDtTkdmSG:D9b/cNhnzFSJUrY1nSrDhkdm/
MD5:            84FC1F969FC8504D4A978EB95493FCF6
SHA1:           CEFA7D8697E70BB2F5C228C7ACECA08E241265F9
SHA-256:        68549F6C61619F81A5C6E307E9C196AD3F8B51861F08F39ADCB2909CDC34576A
SHA-512:        7F8F436DC6CCA9107ED104647BDB04C8AE6B219A278FE1A53832019D8DC0797A804D60E28E108E433619F735ACD282323A845CE6A0B073A51A993001AF68E090
Malicious:      false
Preview:        {"type":"uninstall","id":"96781814-a2d5-4761-be57-f2f13ccfc70f","creationDate":"2024-11-21T11:16:06.858Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"965729a8-84e4-4cad-a75d-ac8181902c4b","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process:        C:\Program Files\Mozilla Firefox\firefox.exe
File Type:      JSON data
Category:       dropped
Size (bytes):   8056
Entropy (8bit): 5.182961972096322
Encrypted:      false
SSDEEP:         192:5F99wMX6kvcbhbVbTbfbRbObtbyEl7n0rdJA6unSrDtTkdmSG:D9b/cNhnzFSJUrY1nSrDhkdm/
MD5:            84FC1F969FC8504D4A978EB95493FCF6
SHA1:           CEFA7D8697E70BB2F5C228C7ACECA08E241265F9
SHA-256:        68549F6C61619F81A5C6E307E9C196AD3F8B51861F08F39ADCB2909CDC34576A
SHA-512:        7F8F436DC6CCA9107ED104647BDB04C8AE6B219A278FE1A53832019D8DC0797A804D60E28E108E433619F735ACD282323A845CE6A0B073A51A993001AF68E090
Malicious:      false
Preview:        {"type":"uninstall","id":"96781814-a2d5-4761-be57-f2f13ccfc70f","creationDate":"2024-11-21T11:16:06.858Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"965729a8-84e4-4cad-a75d-ac8181902c4b","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process:        C:\Program Files\Mozilla Firefox\firefox.exe
File Type:      ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:       dropped
Size (bytes):   32768
Entropy (8bit): 0.4593089050301797
Encrypted:      false
SSDEEP:         48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:            D910AD167F0217587501FDCDB33CC544
SHA1:           2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:        E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:        F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:      false
Preview:        ... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

Process:        C:\Program Files\Mozilla Firefox\firefox.exe
File Type:      Zip archive data, at least v2.0 to extract, compression method=deflate
Category:       dropped
Size (bytes):   453023
Entropy (8bit): 7.997718157581587
Encrypted:      true
SSDEEP:         12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:            85430BAED3398695717B0263807CF97C
SHA1:           FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:        A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:        06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:      false
Preview:        PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
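The dropped-file records above (file type, size, 8-bit entropy, the Encrypted flag, the four hashes and the dotted preview) are the fields an analyst reproduces first when triaging a sandbox verdict. The script below is an added example and is not Joe Sandbox's code; it derives the same fields from raw bytes so the records can be re-checked against a local copy of each file. Its inputs are constructed stand-ins (a small uninstall-style ping, an ftyp box padded to 32 KiB, a deflated ZIP of pseudo-random bytes), not the files in this report, and the entropy cut-off for "Encrypted" is an assumed value, since Joe Sandbox does not publish the threshold it applies.

```python
import hashlib
import json
import math
import random
import zipfile
from collections import Counter
from io import BytesIO

# Assumed cut-off: Joe Sandbox does not publish the threshold behind its
# "Encrypted" flag. The report shows 7.9977 -> true and 5.18 -> false.
ENCRYPTED_ENTROPY_THRESHOLD = 7.9


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def guess_file_type(data: bytes) -> str:
    """Minimal magic-byte sniffing for the three formats seen in the report."""
    if data[:4] == b"PK\x03\x04":                      # ZIP local file header
        return "Zip archive data"
    if len(data) >= 12 and data[4:8] == b"ftyp":        # ISO BMFF / MP4
        brand = data[8:12].decode("ascii", "replace")
        return f"ISO Media, MP4 Base Media ({brand})"
    if data.lstrip()[:1] in (b"{", b"["):
        try:
            json.loads(data)
            return "JSON data"
        except ValueError:
            pass
    return "data"


def preview(data: bytes, length: int = 64) -> str:
    """Printable preview: bytes outside 0x20..0x7e become '.', as in the report."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data[:length])


def describe(data: bytes) -> dict:
    """Recompute the per-file fields shown in a dropped-file record."""
    ent = shannon_entropy(data)
    return {
        "file_type": guess_file_type(data),
        "size": len(data),
        "entropy": ent,
        "encrypted": ent >= ENCRYPTED_ENTROPY_THRESHOLD,
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
        "preview": preview(data),
    }


# Constructed sample inputs; none of these are the files from the report.
def sample_json() -> bytes:
    ping = {"type": "uninstall", "version": 4,
            "application": {"name": "Firefox", "version": "118.0.1"}}
    return json.dumps(ping).encode()


def sample_mp4() -> bytes:
    # 24-byte ftyp box, then zero padding to a 32 KiB block
    box = b"\x00\x00\x00\x18ftypisom\x00\x00\x00\x00isomiso2"
    return box.ljust(32768, b"\x00")


def sample_zip() -> bytes:
    # deflate of incompressible pseudo-random bytes: output stays near 8 bits/byte
    payload = random.Random(1).randbytes(64 * 1024)
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("gmpopenh264.dll", payload)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in (("json", sample_json()), ("mp4", sample_mp4()), ("zip", sample_zip())):
        info = describe(blob)
        print(f"{name}: {info['file_type']}, {info['size']} bytes, "
              f"entropy={info['entropy']:.3f}, encrypted={info['encrypted']}")
        print("  sha256:", info["sha256"])
        print("  preview:", info["preview"])
```

Two readings follow from the numbers in the records above. The MP4 entry has entropy 0.46 over 32768 bytes, which is only possible if almost every byte is the same value, so that block is mostly padding around a short header. The gmpopenh264.dll ZIP is flagged Encrypted: true only because deflate output is near 8 bits per byte; any compressed archive trips an entropy-based flag the same way, so the flag alone says nothing about attacker activity, and the report accordingly lists all of these files as written by firefox.exe with Malicious: false.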
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):6150
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.943454966553299
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:192:7LFS+O1U6OdwiOdEiVoslH5jV/ZiwBhZ08jzLQY8P:N5dimslH5jVhiwBr2
                                                                                                                                                                                                                                                                                                                                                          MD5:3B4BA3EA985750C6E5DA552617B4A8FD
                                                                                                                                                                                                                                                                                                                                                          SHA1:D461D13B9C07C516F54FA0C39212756CCDFC67D5
                                                                                                                                                                                                                                                                                                                                                          SHA-256:D887D279CA015D2A3B02B4787E59EC6AAB0149764F7FF1D2BF5EDEA6AEC94F5E
                                                                                                                                                                                                                                                                                                                                                          SHA-512:5330CE08C8A64BF28B9F5E5B71D98C08BF52A65B9B53C9E862DB1B84E33211C5618BB9F06FAC39C5D2D921B9DF92DCC1F981BF88A8B1CA13A8F21C30E1A1CBBC
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"fbda1f9b-e03c-4207-94bb-3e5ec8a299dc","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T08:19:30.130Z","featureIds":["bookmarks"],"prefs":[],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"cdbde02e-86fb-4899-ad8a-776106784576","experimentType":"r
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 22422 bytes
Category:dropped
Size (bytes):5320
Entropy (8bit):6.6042106566953995
Encrypted:false
SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMggiA:zTx2x2t0FDJ4NpkuvjdeplTMp
MD5:E3E09D3A459131D9A796509E2B74622E
SHA1:5EA797BF89A9F3FA6D145C5050B65A5789D26684
SHA-256:56940DF1F209C1289E1FCBDB353AA3308581F3469325BC01584C3C8CC86E09C9
SHA-512:7F0DA23EC0F97E0D58DB3B6DB6D2FFBAC077847B8C460F18F03CFA0611B313C6A32854E2F8904443DF257960C6FA81F4B1D19409E489488D49963962E338486F
Malicious:false
Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                          MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                          SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                          SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                          SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
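The "File Type" line above is file(1)'s reading of the 100-byte SQLite header, and the report's own "Size (bytes)" can be cross-checked against it (page size 32768 multiplied by 8 database pages is 262144). The parser below, an added example that is not Joe Sandbox code, decodes that header and raises on anything implausible rather than guessing; SAMPLE_HEADER is constructed from the values listed above, the database's pages are not reproduced.

```python
"""Parse the 100-byte SQLite 3 file header summarised by file(1) above and
cross-check it against the listed file size. Added example, not Joe Sandbox
code; SAMPLE_HEADER is CONSTRUCTED from the report's values."""
import struct

SQLITE_MAGIC = b"SQLite format 3\x00"
# Big-endian header layout (sqlite.org/fileformat.html, section 1.3): magic,
# page size, write/read version, reserved bytes, three payload fractions,
# twelve 4-byte fields, 20 reserved bytes, version-valid-for, SQLite version.
HEADER_FMT = ">16sH6B12I20s2I"
assert struct.calcsize(HEADER_FMT) == 100
TEXT_ENCODINGS = {1: "UTF-8", 2: "UTF-16le", 3: "UTF-16be"}


def parse_sqlite_header(data: bytes) -> dict:
    """Decode the header; raise ValueError for anything that is not a plausible SQLite 3 file."""
    if len(data) < 100:
        raise ValueError("need the first 100 bytes")
    (magic, page_size, write_ver, read_ver, reserved, max_frac, min_frac,
     leaf_frac, change_counter, db_pages, freelist_trunk, freelist_count,
     schema_cookie, schema_format, cache_size, largest_root, encoding,
     user_version, vacuum_mode, app_id, _pad, valid_for,
     sqlite_version) = struct.unpack(HEADER_FMT, data[:100])
    if magic != SQLITE_MAGIC:
        raise ValueError("bad magic")
    if page_size == 1:                      # 65536 does not fit in 16 bits
        page_size = 65536
    if not 512 <= page_size <= 65536 or page_size & (page_size - 1):
        raise ValueError(f"invalid page size {page_size}")
    if (max_frac, min_frac, leaf_frac) != (64, 32, 32):
        raise ValueError("payload fractions must be 64/32/32")
    return {
        "page_size": page_size,
        "write_version": write_ver, "read_version": read_ver,   # 1 = rollback journal, 2 = WAL
        "change_counter": change_counter,
        "db_pages": db_pages,
        "freelist_pages": freelist_count,
        "schema_cookie": schema_cookie,
        "schema_format": schema_format,
        "largest_root_page": largest_root,
        "text_encoding": TEXT_ENCODINGS.get(encoding, f"unknown({encoding})"),
        "user_version": user_version,
        "incremental_vacuum": vacuum_mode,
        "application_id": app_id,
        "version_valid_for": valid_for,
        "sqlite_version": sqlite_version,
        # db_pages is only trustworthy when version-valid-for equals the change
        # counter; older writers did not maintain it.
        "size_from_header": page_size * db_pages if valid_for == change_counter else None,
    }


def looks_like_sqlite(data: bytes) -> bool:
    try:
        parse_sqlite_header(data)
        return True
    except ValueError:
        return False


def summarize(data: bytes) -> str:
    """One-liner in the same field order file(1) uses."""
    h = parse_sqlite_header(data)
    return (f"SQLite 3.x database, user version {h['user_version']}, "
            f"last written using SQLite version {h['sqlite_version']}, "
            f"page size {h['page_size']}, file counter {h['change_counter']}, "
            f"database pages {h['db_pages']}, cookie {h['schema_cookie']:#x}, "
            f"schema {h['schema_format']}, largest root page {h['largest_root_page']}, "
            f"{h['text_encoding']}, vacuum mode {h['incremental_vacuum']}, "
            f"version-valid-for {h['version_valid_for']}")


# Constructed header carrying exactly the values the report lists for this file.
SAMPLE_HEADER = struct.pack(
    HEADER_FMT, SQLITE_MAGIC, 32768, 1, 1, 0, 64, 32, 32,
    4,        # file change counter
    8,        # database size in pages (8 * 32768 = 262144, the listed size)
    0, 0,     # first freelist trunk page, freelist page count
    6,        # schema cookie (0x6)
    4,        # schema format number
    0,        # default page cache size
    8,        # largest root b-tree page
    1,        # text encoding: UTF-8
    5,        # user version
    1,        # incremental-vacuum mode
    0,        # application id
    b"\x00" * 20,
    4,        # version-valid-for
    3042000,  # SQLITE_VERSION_NUMBER for 3.42.0
)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read(100) if len(sys.argv) > 1 else SAMPLE_HEADER
    print(summarize(blob))
```

Run it against a dropped cookies.sqlite or places.sqlite by passing the path; only the first 100 bytes are read, so it is safe on a multi-gigabyte database. The first 24 bytes of SAMPLE_HEADER render as `SQLite format 3......@  ` in the report's preview style, which is why the preview above shows an `@` (64, the maximum payload fraction) followed by spaces (32) after the non-printable page-size and version bytes.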

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
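The two entries above are Firefox .mozlz4 files: an 8-byte `mozLz40\0` magic, a little-endian 32-bit decompressed size, then one raw LZ4 block with no frame. In the preview the `8` right after `mozLz40.` is 0x38, the low byte of that size field, which is where file(1)'s "originally 56 bytes" comes from. The code below, an added example that is not Joe Sandbox or Mozilla code, recomputes the report's entropy and hash fields and decodes mozLz4 without trusting the lengths in the file; the 24-byte JSON is the complete preview of the first entry in this section, while the mozLz4 inputs are constructed by hand (the report's 66-byte file is truncated in its preview and is not reproduced).

```python
"""Recompute three fields of the dropped-file entries above: 8-bit entropy,
the MD5/SHA hashes, and the "Mozilla lz4 compressed data, originally N bytes"
header of Firefox .mozlz4 files (mozLz40 magic, LE u32 size, one raw LZ4 block).
Added example, not Joe Sandbox or Mozilla code; the mozLz4 inputs are
CONSTRUCTED here and the report's 66-byte file is not reproduced."""
import hashlib
import math
import struct
from collections import Counter

MOZLZ4_MAGIC = b"mozLz40\x00"
SAMPLE_JSON = b'{"schema":6,"addons":[]}'   # the 24-byte file above, complete preview


def shannon_entropy_8bit(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def hashes(data: bytes) -> dict:
    """Upper-case hex digests in the four algorithms the report lists."""
    return {a: hashlib.new(a, data).hexdigest().upper() for a in ("md5", "sha1", "sha256", "sha512")}


def lz4_block_decompress(src: bytes, expected_size: int) -> bytes:
    """Decode one raw LZ4 block; every length taken from the file is bounds-checked."""
    out, i, n = bytearray(), 0, len(src)

    def read_len(base: int) -> int:
        nonlocal i                      # nibble 15: keep adding bytes until one is < 255
        total = base
        while base == 15:
            if i >= n:
                raise ValueError("truncated length field")
            b = src[i]; i += 1
            total += b
            if b != 255:
                break
        return total

    while i < n:
        token = src[i]; i += 1
        lit_len = read_len(token >> 4)
        if i + lit_len > n:
            raise ValueError("literal run past end of block")
        out += src[i:i + lit_len]; i += lit_len
        if i == n:
            break                       # final sequence carries literals only
        if i + 2 > n:
            raise ValueError("truncated match offset")
        offset = src[i] | (src[i + 1] << 8); i += 2
        if offset == 0 or offset > len(out):
            raise ValueError(f"match offset {offset} points outside output")
        match_len = read_len(token & 0x0F) + 4      # MINMATCH
        start = len(out) - offset
        for k in range(match_len):      # byte-wise so overlapping matches (runs) copy correctly
            out.append(out[start + k])
        if len(out) > expected_size:
            raise ValueError("output exceeds declared size")
    if len(out) != expected_size:
        raise ValueError(f"decoded {len(out)} bytes, header declared {expected_size}")
    return bytes(out)


def mozlz4_declared_size(data: bytes) -> int:
    """The 'originally N bytes' field: LE u32 right after the 8-byte magic."""
    if len(data) < 12 or data[:8] != MOZLZ4_MAGIC:
        raise ValueError("not a mozLz4 file")
    return struct.unpack_from("<I", data, 8)[0]


def mozlz4_decompress(data: bytes, max_size: int = 64 << 20) -> bytes:
    """Cap the declared size before decoding so a hostile header cannot drive
    allocation, then verify the block really yields exactly that many bytes."""
    declared = mozlz4_declared_size(data)
    if declared > max_size:
        raise ValueError(f"declared size {declared} exceeds cap {max_size}")
    return lz4_block_decompress(data[12:], declared)


def is_valid_mozlz4(data: bytes) -> bool:
    try:
        mozlz4_decompress(data)
        return True
    except ValueError:
        return False


def mozlz4_compress_literal(payload: bytes) -> bytes:
    """Smallest valid encoding (one literal-only sequence); enough to make test files."""
    n = len(payload)
    if n < 15:
        return MOZLZ4_MAGIC + struct.pack("<I", n) + bytes([n << 4]) + payload
    extra = n - 15
    block = b"\xf0" + b"\xff" * (extra // 255) + bytes([extra % 255]) + payload
    return MOZLZ4_MAGIC + struct.pack("<I", n) + block


# Hand-assembled block exercising the match path: token 0x7B = 7 literals
# '{"a":"x', then a 15-byte match at offset 1 (an overlapping copy that repeats
# the 'x'), then token 0xB0 = 11 closing literals.
SAMPLE_MATCH_PLAIN = b'{"a":"' + b"x" * 16 + b'","b":null}'
SAMPLE_MATCH_FILE = (MOZLZ4_MAGIC + struct.pack("<I", len(SAMPLE_MATCH_PLAIN))
                     + b"\x7b" + b'{"a":"x' + b"\x01\x00" + b"\xb0" + b'","b":null}')
```

`shannon_entropy_8bit(SAMPLE_JSON)` reproduces the 3.91829583405449 listed for that file, and `hashes()` returns the same four digests the report prints, so the script doubles as a way to confirm that a file pulled from the sandbox matches the entry. For triage of credential-stealer output, decoding a dropped .mozlz4 (sessionstore, addonStartup, the crash store shown here) with `mozlz4_decompress(open(path, "rb").read())` is the step that turns the opaque blob into JSON; the size cap and the post-decode length check are what keep a crafted header from turning that into a memory-exhaustion or silent-truncation problem.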

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.185849187264327
Encrypted:false
SSDEEP:768:0I4nvfwkXU4y6f4k4oB4a4IPN84I4/4uw4J424qF4g:0NPa45
MD5:6C3BE83A836C11F0781A28C5C276611E
SHA1:826B42D0E82A04A59A96150A478A9C63172B7506
SHA-256:FB38EDAD3460F248967331080F6C398248DBC215D16E4BAB3E31CE260E1176B7
SHA-512:EA67C9DF14F00A17C3044EE63DAFA9E7FA9A4B0F04A4D98CC19F2C9794D6D9A215323E13AD354AF60DE1F31288C565EE4455CFE3B9B8F2877DEF20A4151D4921
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{fc425cd7-ddd8-48c7-9e11-c0b9f650e5fa}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.185849187264327
Encrypted:false
SSDEEP:768:0I4nvfwkXU4y6f4k4oB4a4IPN84I4/4uw4J424qF4g:0NPa45
MD5:6C3BE83A836C11F0781A28C5C276611E
SHA1:826B42D0E82A04A59A96150A478A9C63172B7506
SHA-256:FB38EDAD3460F248967331080F6C398248DBC215D16E4BAB3E31CE260E1176B7
SHA-512:EA67C9DF14F00A17C3044EE63DAFA9E7FA9A4B0F04A4D98CC19F2C9794D6D9A215323E13AD354AF60DE1F31288C565EE4455CFE3B9B8F2877DEF20A4151D4921
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{fc425cd7-ddd8-48c7-9e11-c0b9f650e5fa}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.07333643704449962
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiRxEMz:DLhesh7Owd4+jiRx
                                                                                                                                                                                                                                                                                                                                                          MD5:94FA03CD81A0468D21C2313942A8B9FE
                                                                                                                                                                                                                                                                                                                                                          SHA1:83375B1952E5DCA1E5CB3BBF40929BFC71207CAA
                                                                                                                                                                                                                                                                                                                                                          SHA-256:F9FDE1BCC1E77DB694A0514239677B2C2E1C485F84B4F45F9E5F8D4A005B9E06
                                                                                                                                                                                                                                                                                                                                                          SHA-512:791052D74BF059A72F76838F757FBE3A5290316371AF7E9228AA59459603B3658EA45ED2DCFEA7006271F1D79D3DBD67F62308A41D503EF10582DEA86BECF1FA
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.035371733770153645
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:GtlstFGwcdoSR1lstFGwcdoS4lT89//alEl:GtWtEloSR1WtEloS4J89XuM
                                                                                                                                                                                                                                                                                                                                                          MD5:80747C2AABA040F8E0B3C64A0EBC3B56
                                                                                                                                                                                                                                                                                                                                                          SHA1:0A4257AF8F89FA8520B60D9CFA7F3B84F0B006FB
                                                                                                                                                                                                                                                                                                                                                          SHA-256:69267CC785C8ADE7E15514993A46A3364C4903BB8358AFBBB8000C52096441C2
                                                                                                                                                                                                                                                                                                                                                          SHA-512:D2EB4B6C73124A02ED64400DE72129010B9C874C85E05B5447C3E0AE0BEA7BDB8F3EBE40B533C60967CAAEFB4E008B2AC54C047E162C05E026B1F5FB547798A3
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:..-...........................&..E9.$..k..-p.....-...........................&..E9.$..k..-p...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.03736684907790466
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:Ol1yqy4MlA3sgL/qovRN8aEJ/Nmhml8XW3R2:Kc4kSsEiUE/Ehm93w
                                                                                                                                                                                                                                                                                                                                                          MD5:A7B223A85F8E458E668943DF4E231401
                                                                                                                                                                                                                                                                                                                                                          SHA1:4C9E7FE2B4CC9126BDC9624F8684A7350FD5C4DF
                                                                                                                                                                                                                                                                                                                                                          SHA-256:5E64B2DCE0B7A7C1FF731ED1F5B4CA9B1720567A55FCEBC1A82F0DB471A4E5DE
                                                                                                                                                                                                                                                                                                                                                          SHA-512:F9727C867D2E49C42F9829C30201DCED57349A74EFA5E2ABED6DFCF7CA08268B43B2BDE965ACDEDA2E9FA4C4267FEE716D4BDFF6F0D480024DB0735DF5553CC1
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:7....-............E9.$.....R}.)..........E9.$.......&..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1765), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):13820
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.468376095099045
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:192:Nz+neRdIYbBp63nmUzaX486aRTPKWPaQr5RDNBw8d89mSl:NzkeYmUlvmyDWrwzw0
                                                                                                                                                                                                                                                                                                                                                          MD5:76A57A1237F4AF3002C71E4F1A4FB0F0
                                                                                                                                                                                                                                                                                                                                                          SHA1:12CDD3C852ED3C9FA739AB33E20F704A77AB93EA
                                                                                                                                                                                                                                                                                                                                                          SHA-256:5C93E0A8DC297FE8C66B083B4A6928BB4E0E24C5D0E3C37980FD13E27D6CB17B
                                                                                                                                                                                                                                                                                                                                                          SHA-512:27C5E848126D2D2E686A1B2016D16D1B7F16662DC76E485D89EB4C18A66E880304BC8CF1F2B9EBD748206A48394CF5D2E683029B88C3FA67FA61AC56DEED5F58
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1732187738);..user_pref("app.update.lastUpdateTime.background-update-timer", 1732187738);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1732187738);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173218
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1765), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):13820
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.468376095099045
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:192:Nz+neRdIYbBp63nmUzaX486aRTPKWPaQr5RDNBw8d89mSl:NzkeYmUlvmyDWrwzw0
                                                                                                                                                                                                                                                                                                                                                          MD5:76A57A1237F4AF3002C71E4F1A4FB0F0
                                                                                                                                                                                                                                                                                                                                                          SHA1:12CDD3C852ED3C9FA739AB33E20F704A77AB93EA
                                                                                                                                                                                                                                                                                                                                                          SHA-256:5C93E0A8DC297FE8C66B083B4A6928BB4E0E24C5D0E3C37980FD13E27D6CB17B
                                                                                                                                                                                                                                                                                                                                                          SHA-512:27C5E848126D2D2E686A1B2016D16D1B7F16662DC76E485D89EB4C18A66E880304BC8CF1F2B9EBD748206A48394CF5D2E683029B88C3FA67FA61AC56DEED5F58
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1732187738);..user_pref("app.update.lastUpdateTime.background-update-timer", 1732187738);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1732187738);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173218
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):65536
Entropy (8bit):0.04062825861060003
Encrypted:false
SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
MD5:60C09456D6362C6FBED48C69AA342C3C
SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1567
Entropy (8bit):6.327665689168528
Encrypted:false
SSDEEP:24:v+USUGlcAxSBLXnIgrT/pnxQwRlszT5sKDqgY3eHVY+qo+pTYamhujJvyODox7IX:GUpOxkZnR6rRY3epfyTY4JaNIHiw
MD5:09AB8CF886D2219584215B0DC0991EF8
SHA1:715A4B270340E90AFD94DF29234BC7A70ACCFCD2
SHA-256:4B5C08803C13FD9E5A2871D2001BAB5A7C2ADE7A4B61B3AC456065BAD17543EA
SHA-512:2144A4DC19149F6EC53AB554EF4B7B4C729AE6B836F8DF360FB2668225CC2C4C139F911A2B8023BC953DC348B478A4F88C179D14AB2406FDEA896A302AC140C6
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{ad5a8b7e-13d7-4b4b-b079-c6b7ccd44e97}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1732187741151,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...890d5fc3-0c4c-4214-a93a-b8e730a022a1","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P06792...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A4a32081674711da8c0af7e7198f4a549116c7011a74775b8dc2ae1b10b859df4","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...10982,"originA...."f
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1567
Entropy (8bit):6.327665689168528
Encrypted:false
SSDEEP:24:v+USUGlcAxSBLXnIgrT/pnxQwRlszT5sKDqgY3eHVY+qo+pTYamhujJvyODox7IX:GUpOxkZnR6rRY3epfyTY4JaNIHiw
MD5:09AB8CF886D2219584215B0DC0991EF8
SHA1:715A4B270340E90AFD94DF29234BC7A70ACCFCD2
SHA-256:4B5C08803C13FD9E5A2871D2001BAB5A7C2ADE7A4B61B3AC456065BAD17543EA
SHA-512:2144A4DC19149F6EC53AB554EF4B7B4C729AE6B836F8DF360FB2668225CC2C4C139F911A2B8023BC953DC348B478A4F88C179D14AB2406FDEA896A302AC140C6
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{ad5a8b7e-13d7-4b4b-b079-c6b7ccd44e97}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1732187741151,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...890d5fc3-0c4c-4214-a93a-b8e730a022a1","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P06792...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A4a32081674711da8c0af7e7198f4a549116c7011a74775b8dc2ae1b10b859df4","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...10982,"originA...."f
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1567
Entropy (8bit):6.327665689168528
Encrypted:false
SSDEEP:24:v+USUGlcAxSBLXnIgrT/pnxQwRlszT5sKDqgY3eHVY+qo+pTYamhujJvyODox7IX:GUpOxkZnR6rRY3epfyTY4JaNIHiw
MD5:09AB8CF886D2219584215B0DC0991EF8
SHA1:715A4B270340E90AFD94DF29234BC7A70ACCFCD2
SHA-256:4B5C08803C13FD9E5A2871D2001BAB5A7C2ADE7A4B61B3AC456065BAD17543EA
SHA-512:2144A4DC19149F6EC53AB554EF4B7B4C729AE6B836F8DF360FB2668225CC2C4C139F911A2B8023BC953DC348B478A4F88C179D14AB2406FDEA896A302AC140C6
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{ad5a8b7e-13d7-4b4b-b079-c6b7ccd44e97}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1732187741151,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...890d5fc3-0c4c-4214-a93a-b8e730a022a1","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P06792...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A4a32081674711da8c0af7e7198f4a549116c7011a74775b8dc2ae1b10b859df4","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...10982,"originA...."f
Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 4, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):2.042811512334329
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                          MD5:21235938025E2102017AC8C9748948A4
                                                                                                                                                                                                                                                                                                                                                          SHA1:A1EED1C4588724A8396C95FC9923C0A33B360FF8
                                                                                                                                                                                                                                                                                                                                                          SHA-256:E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E
                                                                                                                                                                                                                                                                                                                                                          SHA-512:D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4411
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.011657234582243
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:48:YrSAYHudxUQZpExB1+anOpWZOVhFu1VuWxzzcsYMsku7f86SLAVL7DV9F5FtsfA6:ycHMTEr5RXxzzcBvbw6KkjVrrc2Rn27
                                                                                                                                                                                                                                                                                                                                                          MD5:4EDBB43A7B8F8C475FCEAA63AD4D1DC3
                                                                                                                                                                                                                                                                                                                                                          SHA1:D25260A7F58F654381C44E97F78716CF4F94BF21
                                                                                                                                                                                                                                                                                                                                                          SHA-256:AAD528AC71E9EE9FD2ABA4DDBBAD9EAD67CCCE5689EBAD5CCDA5B6E08CC98163
                                                                                                                                                                                                                                                                                                                                                          SHA-512:B4DC18F6524DA9876135825A36FECBAF4757F6F5037EDCF92E85965C979609943D7A5E0711CB95DBF62DFDCF6F89CDD2CB506BC7D78BDF377718A3A68ED1C235
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-21T11:15:15.674Z","profileAgeCreated":1696493964214,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.591682873348031
                                                                                                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                          File name:file.exe
                                                                                                                                                                                                                                                                                                                                                          File size:922'112 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5:825348bb7726434ff5305218f04085fa
                                                                                                                                                                                                                                                                                                                                                          SHA1:40cc20d2ba108a48f72683b0d71f794be9e17617
                                                                                                                                                                                                                                                                                                                                                          SHA256:e81c2909d03fef18975ca6d55b02fc2625c91a7c7be7c6b7f3d6ef13f4f90fd1
                                                                                                                                                                                                                                                                                                                                                          SHA512:3bc84b6c0fef00fdee69df12d9c29704d49404c9a794d8c5d7ff6546be60e17dad495d4262272a56a8f867f86ab68bae301f3769dc69a6f0d8137eeb11602b4d
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24576:aqDEvCTbMWu7rQYlBQcBiT6rprG8aqA5h:aTvC/MTQYxsWR7aqA
                                                                                                                                                                                                                                                                                                                                                          TLSH:D6159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                                                                                                          Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                                                                                                          Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                          Time Stamp:0x673EFC13 [Thu Nov 21 09:23:31 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:948cc502fe9226992dce9417f952fce3
Instruction
call 00007FC5C4FA4493h
jmp 00007FC5C4FA3D9Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FC5C4FA3F7Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FC5C4FA3F4Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007FC5C4FA6B3Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007FC5C4FA6B88h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007FC5C4FA6B71h
test byte ptr [ebp+08h], 00000001h
pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name                                   Virtual Address   Virtual Size   Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT           0x0               0x0
IMAGE_DIRECTORY_ENTRY_IMPORT           0xc8e64           0x17c          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE         0xd4000           0xa7bc         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION        0x0               0x0
IMAGE_DIRECTORY_ENTRY_SECURITY         0x0               0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC        0xdf000           0x7594         .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG            0xb0ff0           0x1c           .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT        0x0               0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR        0x0               0x0
IMAGE_DIRECTORY_ENTRY_TLS              0xc3400           0x18           .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG      0xb1010           0x40           .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT     0x0               0x0
IMAGE_DIRECTORY_ENTRY_IAT              0x9c000           0x894          .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT     0x0               0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR   0x0               0x0
                                                                                                                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0xa7bc | 0xa800 | 1d90f236a436bd83d3d4f6c8833694a6 | False | 0.36948939732142855 | data | 5.613779243744686 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xdf000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x1a84 | data | | | 1.0016205067766648
RT_GROUP_ICON | 0xde23c | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xde2b4 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xde2c8 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xde2dc | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xde2f0 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xde3cc | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Network connections: Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.551326990 CET804971634.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.607636929 CET4971680192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.619107962 CET4434971835.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.619426012 CET49718443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.621781111 CET49718443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.621792078 CET4434971835.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.622205019 CET4434971835.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.623840094 CET49718443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.623936892 CET49718443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.624154091 CET4434971835.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.627041101 CET49718443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.628448963 CET4971680192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.645497084 CET49725443192.168.2.834.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.645534992 CET4434972534.107.243.93192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.663515091 CET49725443192.168.2.834.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.665163040 CET49725443192.168.2.834.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.665183067 CET4434972534.107.243.93192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.687335968 CET4434971934.117.188.166192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.694571972 CET49719443192.168.2.834.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.697952032 CET49719443192.168.2.834.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.697964907 CET4434971934.117.188.166192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.698065996 CET49719443192.168.2.834.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.698395014 CET4434971934.117.188.166192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.702805042 CET49719443192.168.2.834.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.702852964 CET49726443192.168.2.834.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.702893972 CET4434972634.117.188.166192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.703618050 CET49727443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.703629017 CET4434972735.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.703696966 CET49726443192.168.2.834.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.704749107 CET49727443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.705235004 CET49726443192.168.2.834.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.705248117 CET4434972634.117.188.166192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.705396891 CET49727443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.705403090 CET4434972735.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.705554962 CET49728443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.705600023 CET4434972834.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.706357956 CET49728443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.707823038 CET49728443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.707839012 CET4434972834.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.711184025 CET4434971734.117.188.166192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.719346046 CET4434971734.117.188.166192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.724988937 CET49717443192.168.2.834.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.728887081 CET49717443192.168.2.834.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.728897095 CET4434971734.117.188.166192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.728971004 CET49717443192.168.2.834.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.729084015 CET4434971734.117.188.166192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.733258009 CET49717443192.168.2.834.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.748152971 CET804971634.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.751507044 CET4971680192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.757633924 CET49729443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.757685900 CET4434972934.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.758047104 CET49729443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.759417057 CET49729443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.759428024 CET4434972934.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.851138115 CET4973080192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.851227045 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.903225899 CET4434972034.160.144.191192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.903238058 CET4434972034.160.144.191192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.903305054 CET49720443192.168.2.834.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.906255007 CET49720443192.168.2.834.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.906269073 CET4434972034.160.144.191192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.906547070 CET4434972034.160.144.191192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.909485102 CET49720443192.168.2.834.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.909557104 CET49720443192.168.2.834.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.909646988 CET4434972034.160.144.191192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.909790993 CET49720443192.168.2.834.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.970875025 CET804973034.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.970887899 CET804973134.107.221.82192.168.2.8
Nov 21, 2024 10:38:10.970962048 CET  49730     80  192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:10.971131086 CET  49730     80  192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:10.971221924 CET  49731     80  192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:10.971335888 CET  49731     80  192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:11.092652082 CET     80  49730  34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:11.092664957 CET     80  49731  34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:11.113080978 CET    443  49722  35.190.72.216    192.168.2.8
Nov 21, 2024 10:38:11.113919973 CET  49722    443  192.168.2.8      35.190.72.216
Nov 21, 2024 10:38:11.117451906 CET  49722    443  192.168.2.8      35.190.72.216
Nov 21, 2024 10:38:11.117460966 CET    443  49722  35.190.72.216    192.168.2.8
Nov 21, 2024 10:38:11.117508888 CET  49722    443  192.168.2.8      35.190.72.216
Nov 21, 2024 10:38:11.117582083 CET    443  49722  35.190.72.216    192.168.2.8
Nov 21, 2024 10:38:11.118757010 CET  49722    443  192.168.2.8      35.190.72.216
Nov 21, 2024 10:38:11.748850107 CET    443  49723  142.250.184.206  192.168.2.8
Nov 21, 2024 10:38:11.749581099 CET    443  49723  142.250.184.206  192.168.2.8
Nov 21, 2024 10:38:11.750957966 CET  49723    443  192.168.2.8      142.250.184.206
Nov 21, 2024 10:38:11.750977993 CET    443  49723  142.250.184.206  192.168.2.8
Nov 21, 2024 10:38:11.760905981 CET  49723    443  192.168.2.8      142.250.184.206
Nov 21, 2024 10:38:11.760925055 CET    443  49723  142.250.184.206  192.168.2.8
Nov 21, 2024 10:38:11.761029959 CET  49723    443  192.168.2.8      142.250.184.206
Nov 21, 2024 10:38:11.761096954 CET    443  49723  142.250.184.206  192.168.2.8
Nov 21, 2024 10:38:11.761178017 CET  49723    443  192.168.2.8      142.250.184.206
Nov 21, 2024 10:38:11.939070940 CET    443  49727  35.244.181.201   192.168.2.8
Nov 21, 2024 10:38:11.939165115 CET  49727    443  192.168.2.8      35.244.181.201
Nov 21, 2024 10:38:11.941802979 CET  49727    443  192.168.2.8      35.244.181.201
Nov 21, 2024 10:38:11.941809893 CET    443  49727  35.244.181.201   192.168.2.8
Nov 21, 2024 10:38:11.942011118 CET    443  49727  35.244.181.201   192.168.2.8
Nov 21, 2024 10:38:11.944521904 CET  49727    443  192.168.2.8      35.244.181.201
Nov 21, 2024 10:38:11.944566011 CET  49727    443  192.168.2.8      35.244.181.201
Nov 21, 2024 10:38:11.944664955 CET    443  49727  35.244.181.201   192.168.2.8
Nov 21, 2024 10:38:11.944721937 CET  49727    443  192.168.2.8      35.244.181.201
Nov 21, 2024 10:38:11.961941004 CET    443  49725  34.107.243.93    192.168.2.8
Nov 21, 2024 10:38:11.961961985 CET    443  49725  34.107.243.93    192.168.2.8
Nov 21, 2024 10:38:11.962022066 CET  49725    443  192.168.2.8      34.107.243.93
Nov 21, 2024 10:38:11.966747046 CET  49725    443  192.168.2.8      34.107.243.93
Nov 21, 2024 10:38:11.966754913 CET    443  49725  34.107.243.93    192.168.2.8
Nov 21, 2024 10:38:11.966815948 CET  49725    443  192.168.2.8      34.107.243.93
Nov 21, 2024 10:38:11.967067003 CET    443  49725  34.107.243.93    192.168.2.8
Nov 21, 2024 10:38:11.967118979 CET  49725    443  192.168.2.8      34.107.243.93
Nov 21, 2024 10:38:11.970875025 CET    443  49726  34.117.188.166   192.168.2.8
Nov 21, 2024 10:38:11.971259117 CET  49726    443  192.168.2.8      34.117.188.166
Nov 21, 2024 10:38:11.975378990 CET  49726    443  192.168.2.8      34.117.188.166
Nov 21, 2024 10:38:11.975389004 CET    443  49726  34.117.188.166   192.168.2.8
Nov 21, 2024 10:38:11.975538015 CET  49726    443  192.168.2.8      34.117.188.166
Nov 21, 2024 10:38:11.975636959 CET    443  49726  34.117.188.166   192.168.2.8
Nov 21, 2024 10:38:11.975986004 CET  49726    443  192.168.2.8      34.117.188.166
Nov 21, 2024 10:38:12.020543098 CET    443  49729  34.149.100.209   192.168.2.8
Nov 21, 2024 10:38:12.020616055 CET  49729    443  192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:12.024005890 CET  49729    443  192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:12.024013042 CET    443  49729  34.149.100.209   192.168.2.8
Nov 21, 2024 10:38:12.024074078 CET  49729    443  192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:12.024163008 CET    443  49729  34.149.100.209   192.168.2.8
Nov 21, 2024 10:38:12.024218082 CET  49729    443  192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:12.027714014 CET    443  49728  34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:12.027805090 CET  49728    443  192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:12.031882048 CET  49728    443  192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:12.031903028 CET    443  49728  34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:12.031946898 CET  49728    443  192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:12.032161951 CET    443  49728  34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:12.037003994 CET  49728    443  192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:12.048172951 CET  49732    443  192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:12.048202991 CET    443  49732  34.149.100.209   192.168.2.8
Nov 21, 2024 10:38:12.048294067 CET  49732    443  192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:12.048419952 CET  49732    443  192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:12.048429012 CET    443  49732  34.149.100.209   192.168.2.8
Nov 21, 2024 10:38:12.109183073 CET     80  49731  34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:12.124851942 CET  49730     80  192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:12.147587061 CET  49733     80  192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:12.163866043 CET  49734    443  192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:12.163892984 CET    443  49734  34.149.100.209   192.168.2.8
Nov 21, 2024 10:38:12.165155888 CET  49734    443  192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:12.166416883 CET  49734    443  192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:12.166428089 CET    443  49734  34.149.100.209   192.168.2.8
Nov 21, 2024 10:38:12.168952942 CET  49731     80  192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:12.172961950 CET     80  49730  34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:12.173171043 CET  49730     80  192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:12.244826078 CET     80  49730  34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:12.244889975 CET  49730     80  192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:12.267189026 CET     80  49733  34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:12.267302990 CET  49733     80  192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:12.267466068 CET  49733     80  192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:12.270215034 CET  49735    443  192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:12.270246983 CET    443  49735  34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:12.270385027 CET  49735    443  192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:12.289381027 CET  49735    443  192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:12.289400101 CET    443  49735  34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:12.386883974 CET     80  49733  34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:13.260138988 CET    443  49732  34.149.100.209   192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.260209084 CET49732443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.263226986 CET49732443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.263247967 CET4434973234.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.263495922 CET4434973234.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.265640020 CET49732443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.265712976 CET49732443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.265831947 CET4434973234.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.265960932 CET49732443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.374537945 CET4434973434.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.374603987 CET49734443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.377948046 CET49734443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.377966881 CET4434973434.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.378040075 CET49734443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.378098965 CET4434973434.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.378154039 CET49734443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.398298979 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.443821907 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.549041986 CET4434973534.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.549124002 CET49735443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.553046942 CET49735443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.553055048 CET4434973534.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.553155899 CET49735443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.553512096 CET4434973534.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:13.553577900 CET49735443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.313684940 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.348809004 CET49737443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.348869085 CET4434973734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.353730917 CET49737443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.433476925 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.637523890 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.685074091 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.868130922 CET49737443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.868155003 CET4434973734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.124176979 CET4434973734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.124253988 CET49737443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.128079891 CET49737443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.128088951 CET4434973734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.128155947 CET49737443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.128216982 CET4434973734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.128273964 CET49737443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.187473059 CET49738443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.187504053 CET4434973834.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.189413071 CET49739443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.189440012 CET4434973934.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.189599991 CET49740443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.189625025 CET4434974034.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.189738989 CET49741443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.189752102 CET4434974134.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.190114975 CET49739443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.190138102 CET49738443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.190217972 CET49740443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.190221071 CET49741443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.190346003 CET49738443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.190360069 CET4434973834.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.190488100 CET49741443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.190500975 CET4434974134.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.190584898 CET49739443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.190603971 CET4434973934.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.190614939 CET49740443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.190628052 CET4434974034.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.573204994 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.692722082 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.714293957 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.751450062 CET49743443192.168.2.834.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.751481056 CET4434974334.107.243.93192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.752116919 CET49743443192.168.2.834.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.755479097 CET49743443192.168.2.834.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.755491018 CET4434974334.107.243.93192.168.2.8
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Nov 21, 2024 10:38:18.834245920 CET  80           49731      34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:18.897128105 CET  80           49733      34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:18.942538023 CET  49733        80         192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:19.038141966 CET  80           49731      34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:19.084101915 CET  49731        80         192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:19.399974108 CET  443          49740      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.400085926 CET  49740        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.403332949 CET  49740        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.403342009 CET  443          49740      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.403599977 CET  443          49740      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.406192064 CET  49740        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.406342030 CET  443          49740      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.406361103 CET  49740        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.406367064 CET  443          49740      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.447562933 CET  443          49741      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.447650909 CET  49741        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.450716972 CET  49741        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.450726032 CET  443          49741      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.450942993 CET  443          49741      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.453083038 CET  443          49738      34.149.100.209   192.168.2.8
Nov 21, 2024 10:38:19.453267097 CET  49738        443        192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:19.453267097 CET  49741        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.453404903 CET  49741        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.453413010 CET  443          49741      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.453424931 CET  443          49741      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.456201077 CET  49738        443        192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:19.456207037 CET  443          49738      34.149.100.209   192.168.2.8
Nov 21, 2024 10:38:19.456404924 CET  443          49738      34.149.100.209   192.168.2.8
Nov 21, 2024 10:38:19.459089994 CET  49738        443        192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:19.459161997 CET  49738        443        192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:19.459204912 CET  443          49738      34.149.100.209   192.168.2.8
Nov 21, 2024 10:38:19.464234114 CET  49738        443        192.168.2.8      34.149.100.209
Nov 21, 2024 10:38:19.495016098 CET  443          49739      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.495122910 CET  49739        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.498014927 CET  49739        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.498022079 CET  443          49739      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.498353958 CET  443          49739      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.500049114 CET  49739        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.500190973 CET  49739        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.500216961 CET  443          49739      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.511152029 CET  49739        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.511198044 CET  49739        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.611335039 CET  443          49740      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.611506939 CET  49740        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:19.663363934 CET  443          49741      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:19.663450956 CET  49741        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:20.062661886 CET  443          49743      34.107.243.93    192.168.2.8
Nov 21, 2024 10:38:20.064589977 CET  49743        443        192.168.2.8      34.107.243.93
Nov 21, 2024 10:38:20.868124962 CET  49743        443        192.168.2.8      34.107.243.93
Nov 21, 2024 10:38:20.868144989 CET  443          49743      34.107.243.93    192.168.2.8
Nov 21, 2024 10:38:20.868309975 CET  49743        443        192.168.2.8      34.107.243.93
Nov 21, 2024 10:38:20.868370056 CET  443          49743      34.107.243.93    192.168.2.8
Nov 21, 2024 10:38:20.869416952 CET  49743        443        192.168.2.8      34.107.243.93
Nov 21, 2024 10:38:21.008567095 CET  49733        80         192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:21.016073942 CET  49731        80         192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:21.128150940 CET  80           49733      34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:21.135812998 CET  80           49731      34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:21.332380056 CET  80           49733      34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:21.333549023 CET  49745        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:21.333595991 CET  443          49745      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:21.337353945 CET  49745        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:21.337670088 CET  49745        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:21.337690115 CET  443          49745      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:21.339987040 CET  80           49731      34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:21.388550043 CET  49733        80         192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:21.388565063 CET  49731        80         192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:21.485234022 CET  49746        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:21.485286951 CET  443          49746      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:21.487001896 CET  49746        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:21.488548040 CET  49746        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:21.488563061 CET  443          49746      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:21.488790989 CET  49733        80         192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:21.608822107 CET  80           49733      34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:22.072964907 CET  80           49733      34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:22.121949911 CET  49733        80         192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:22.181102991 CET  80           49733      34.107.221.82    192.168.2.8
Nov 21, 2024 10:38:22.181164026 CET  49733        80         192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:22.594150066 CET  443          49745      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:22.594237089 CET  49745        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:22.638659000 CET  49745        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:22.638698101 CET  443          49745      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:22.639139891 CET  443          49745      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:22.641637087 CET  49745        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:22.641772032 CET  49745        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:22.641901970 CET  443          49745      34.120.208.123   192.168.2.8
Nov 21, 2024 10:38:22.642003059 CET  49745        443        192.168.2.8      34.120.208.123
Nov 21, 2024 10:38:22.649060011 CET  49731        80         192.168.2.8      34.107.221.82
Nov 21, 2024 10:38:22.745445967 CET  443          49746      34.120.208.123   192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.746026039 CET49746443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.751331091 CET49746443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.751338959 CET4434974634.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.751478910 CET49746443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.751612902 CET4434974634.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.752474070 CET49746443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.757648945 CET49747443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.757719040 CET4434974734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.757975101 CET49747443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.759453058 CET49747443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.759466887 CET4434974734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.768538952 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.972570896 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:23.024713993 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.049063921 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.062494040 CET4434974734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.062556028 CET49747443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.067374945 CET49747443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.067395926 CET4434974734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.067465067 CET49747443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.067595959 CET4434974734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.069613934 CET49747443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.070290089 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.077042103 CET49748443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.077084064 CET4434974834.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.077264071 CET49748443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.078695059 CET49748443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.078710079 CET4434974834.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.168718100 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.189738989 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.372980118 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.393702984 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.396290064 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.451035023 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.515927076 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.720169067 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.767457962 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.334913015 CET4434974834.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.336261988 CET49748443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.340003014 CET49748443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.340012074 CET4434974834.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.340114117 CET49748443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.340179920 CET4434974834.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.341278076 CET49748443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.344348907 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.463824987 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.668320894 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.671303034 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.716947079 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.791208029 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.995372057 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:26.055671930 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:28.857253075 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:28.976754904 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:29.180799961 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:29.189846039 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:29.227509975 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:29.309492111 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:29.513524055 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:29.566216946 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:31.249486923 CET49750443192.168.2.834.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:31.249507904 CET4434975034.107.243.93192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:31.249856949 CET49750443192.168.2.834.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:31.251302004 CET49750443192.168.2.834.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:31.251317024 CET4434975034.107.243.93192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:32.509910107 CET4434975034.107.243.93192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:32.510000944 CET49750443192.168.2.834.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:32.514091969 CET49750443192.168.2.834.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.795593023 CET49757443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.795696020 CET49757443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.795716047 CET4434975735.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.797244072 CET49758443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.797321081 CET4434975835.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.797874928 CET49758443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.798016071 CET49758443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.798057079 CET4434975835.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.800858021 CET49759443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.800898075 CET4434975935.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.801028013 CET49759443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.801141024 CET49759443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.801163912 CET4434975935.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.842749119 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.854600906 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.890707016 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.974301100 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:38.178231001 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:38.222851038 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.065635920 CET4434975735.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.065674067 CET4434975835.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.065823078 CET49758443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.065826893 CET49757443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.068780899 CET49757443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.068802118 CET4434975735.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.069039106 CET4434975735.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.071010113 CET4434975935.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.071084976 CET49759443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.071172953 CET49758443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.071183920 CET4434975835.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.071460962 CET4434975835.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.074114084 CET49759443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.074130058 CET4434975935.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.074359894 CET4434975935.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.077447891 CET49757443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.077555895 CET49757443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.077610016 CET4434975735.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.078255892 CET49758443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.078306913 CET49758443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.079215050 CET49759443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.079310894 CET49759443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.079364061 CET4434975935.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.079648018 CET4434975835.244.181.201192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.082422018 CET4434975634.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.083535910 CET49759443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.083569050 CET49757443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.083569050 CET49759443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.083576918 CET49758443192.168.2.835.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.083612919 CET49756443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.086662054 CET49756443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.086685896 CET4434975634.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.086795092 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.087049961 CET4434975634.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.090281963 CET49756443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.090351105 CET49756443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.090503931 CET4434975634.149.100.209192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.090969086 CET49756443192.168.2.834.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.206614017 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.410475016 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.413511038 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.457637072 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.533107042 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.737098932 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.796343088 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:49.425466061 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:49.554141045 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:49.742027998 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:49.861681938 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.953932047 CET4434976734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.954031944 CET49765443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.954164982 CET49765443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.954164982 CET49767443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.954171896 CET4434976534.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.954183102 CET4434976534.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.955076933 CET4434976434.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.955198050 CET49764443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.957160950 CET49767443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.957176924 CET4434976734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.957580090 CET4434976734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.959744930 CET49764443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.959777117 CET4434976434.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.960665941 CET4434976434.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.963155031 CET49767443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.963300943 CET49767443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.963421106 CET4434976734.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.963510990 CET49764443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.963562965 CET49764443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.963702917 CET49767443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.963954926 CET4434976434.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.964024067 CET49764443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.999020100 CET4434976834.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.999139071 CET49768443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.002325058 CET49768443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.002334118 CET4434976834.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.003005028 CET4434976834.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.004903078 CET49768443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.005023956 CET49768443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.005191088 CET4434976834.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.005661964 CET49768443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.037230968 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.159329891 CET4434976534.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.159400940 CET49765443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.241369963 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.244379044 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.295783997 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.364510059 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.655256987 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.697118044 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.176824093 CET4434977034.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.176932096 CET49770443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.179266930 CET4434976934.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.180058956 CET49770443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.180066109 CET4434977034.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.180250883 CET49769443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.181350946 CET4434977034.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.182503939 CET49769443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.182522058 CET4434976934.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.182754993 CET4434976934.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.185972929 CET49769443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.186083078 CET49769443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.186109066 CET4434976934.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.186197042 CET49770443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.186220884 CET49770443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.186346054 CET49769443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.186409950 CET4434977034.120.208.123192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.186465979 CET49770443192.168.2.834.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.189024925 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.308485985 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.512763023 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.516560078 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.561830997 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.636152029 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.840022087 CET804973334.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.900629997 CET4973380192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:18.526360989 CET4973180192.168.2.834.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:18.645945072 CET804973134.107.221.82192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.761771917 CET6278753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.762125969 CET5760353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.809987068 CET53645411.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.845455885 CET53527131.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.987745047 CET53627871.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:10.987962008 CET53576031.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:11.003211021 CET5973853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:11.003278971 CET6301153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:11.230637074 CET53630111.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:11.230715036 CET53597381.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.293941021 CET5428153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.294128895 CET5329153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.295506001 CET5266753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.520296097 CET53542811.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.520999908 CET53532911.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.521493912 CET53526671.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.868678093 CET6301153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.868892908 CET6314353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.871726036 CET5150653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET53630111.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.097619057 CET5868153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.097676992 CET53631431.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.098098993 CET6528453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.100620031 CET53515061.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.101005077 CET6248353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.333209038 CET53586811.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.333570957 CET53652841.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.336313009 CET53624831.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.340311050 CET5393653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.340775967 CET5919353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.351752996 CET5185353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.566057920 CET53539361.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.566843033 CET53591931.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.574369907 CET5804053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.577344894 CET53518531.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.586981058 CET6192153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.587378025 CET5816253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.801232100 CET53580401.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.801877022 CET5330253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.813503981 CET53619211.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.814071894 CET5558053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.814126015 CET53581621.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.814591885 CET5029853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.027698994 CET53533021.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.029794931 CET6532753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.040122032 CET53555801.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.040246010 CET53502981.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.255481005 CET53653271.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.751729012 CET6074853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.977551937 CET53607481.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:21.337004900 CET4925553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:21.563019991 CET53492551.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:31.021117926 CET6378353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:31.248342991 CET53637831.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:31.249428988 CET5731953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:31.475370884 CET53573191.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.239372015 CET5013753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.240709066 CET5261953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.268675089 CET5379753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.467454910 CET53501371.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.468116999 CET53526191.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.468909025 CET5283053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.494971991 CET53537971.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.496134996 CET5913253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.696012020 CET53528301.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.697613955 CET5612353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.722419024 CET53591321.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.723248005 CET6228853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.923429012 CET53561231.1.1.1192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 21, 2024 10:38:36.949532986 CET | 53 | 62288 | 1.1.1.1 | 192.168.2.8
Nov 21, 2024 10:38:37.517232895 CET | 65515 | 53 | 192.168.2.8 | 1.1.1.1
Nov 21, 2024 10:38:37.746458054 CET | 64374 | 53 | 192.168.2.8 | 1.1.1.1
Nov 21, 2024 10:38:37.972645044 CET | 53 | 64374 | 1.1.1.1 | 192.168.2.8
Nov 21, 2024 10:38:53.315332890 CET | 53674 | 53 | 192.168.2.8 | 1.1.1.1
Nov 21, 2024 10:38:53.541647911 CET | 53 | 53674 | 1.1.1.1 | 192.168.2.8
Nov 21, 2024 10:38:53.543605089 CET | 63192 | 53 | 192.168.2.8 | 1.1.1.1
Nov 21, 2024 10:38:53.769310951 CET | 53 | 63192 | 1.1.1.1 | 192.168.2.8
Nov 21, 2024 10:39:05.686288118 CET | 61786 | 53 | 192.168.2.8 | 1.1.1.1
Nov 21, 2024 10:39:05.912965059 CET | 53 | 61786 | 1.1.1.1 | 192.168.2.8
Nov 21, 2024 10:39:34.738724947 CET | 59114 | 53 | 192.168.2.8 | 1.1.1.1
Nov 21, 2024 10:39:34.965511084 CET | 53 | 59114 | 1.1.1.1 | 192.168.2.8
Nov 21, 2024 10:39:34.966331005 CET | 53705 | 53 | 192.168.2.8 | 1.1.1.1
Nov 21, 2024 10:39:35.192615986 CET | 53 | 53705 | 1.1.1.1 | 192.168.2.8
Nov 21, 2024 10:39:36.184217930 CET | 52330 | 53 | 192.168.2.8 | 1.1.1.1
DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 21, 2024 10:38:08.348917007 CET | 192.168.2.8 | 1.1.1.1 | 0xe61d | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:08.357367039 CET | 192.168.2.8 | 1.1.1.1 | 0x35bd | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:08.639386892 CET | 192.168.2.8 | 1.1.1.1 | 0xe619 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:08.639883041 CET | 192.168.2.8 | 1.1.1.1 | 0xeb2d | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:08.640347004 CET | 192.168.2.8 | 1.1.1.1 | 0x2c7c | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:09.071281910 CET | 192.168.2.8 | 1.1.1.1 | 0xae5e | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:09.071538925 CET | 192.168.2.8 | 1.1.1.1 | 0x2901 | Standard query (0) | youtube.com | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:09.071576118 CET | 192.168.2.8 | 1.1.1.1 | 0xe80e | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:09.166691065 CET | 192.168.2.8 | 1.1.1.1 | 0xab3f | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:09.181898117 CET | 192.168.2.8 | 1.1.1.1 | 0x60af | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:09.396671057 CET | 192.168.2.8 | 1.1.1.1 | 0x6998 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:09.398950100 CET | 192.168.2.8 | 1.1.1.1 | 0x7a94 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:09.414349079 CET | 192.168.2.8 | 1.1.1.1 | 0x9c18 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:09.441251040 CET | 192.168.2.8 | 1.1.1.1 | 0xcafc | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:09.605338097 CET | 192.168.2.8 | 1.1.1.1 | 0x5c6a | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:09.625147104 CET | 192.168.2.8 | 1.1.1.1 | 0x56c6 | Standard query (0) | contile.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:09.629964113 CET | 192.168.2.8 | 1.1.1.1 | 0x181d | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:09.665008068 CET | 192.168.2.8 | 1.1.1.1 | 0xc537 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:09.851629019 CET | 192.168.2.8 | 1.1.1.1 | 0xc4e4 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:09.954010010 CET | 192.168.2.8 | 1.1.1.1 | 0xb3db | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:10.078964949 CET | 192.168.2.8 | 1.1.1.1 | 0x4890 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:10.183442116 CET | 192.168.2.8 | 1.1.1.1 | 0xce6b | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:10.413829088 CET | 192.168.2.8 | 1.1.1.1 | 0x9483 | Standard query (0) | push.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:10.482693911 CET | 192.168.2.8 | 1.1.1.1 | 0x76d3 | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:10.583306074 CET | 192.168.2.8 | 1.1.1.1 | 0xc820 | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:10.618869066 CET | 192.168.2.8 | 1.1.1.1 | 0x4a47 | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:10.619215012 CET | 192.168.2.8 | 1.1.1.1 | 0xbb24 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:10.761771917 CET | 192.168.2.8 | 1.1.1.1 | 0x33a0 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:10.762125969 CET | 192.168.2.8 | 1.1.1.1 | 0xcd9d | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:11.003211021 CET | 192.168.2.8 | 1.1.1.1 | 0x7502 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:11.003278971 CET | 192.168.2.8 | 1.1.1.1 | 0x5f39 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:14.293941021 CET | 192.168.2.8 | 1.1.1.1 | 0xdad0 | Standard query (0) | www.facebook.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:14.294128895 CET | 192.168.2.8 | 1.1.1.1 | 0x11fc | Standard query (0) | support.mozilla.org | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:14.295506001 CET | 192.168.2.8 | 1.1.1.1 | 0xad52 | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:14.868678093 CET | 192.168.2.8 | 1.1.1.1 | 0x44e6 | Standard query (0) | youtube-ui.l.google.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:14.868892908 CET | 192.168.2.8 | 1.1.1.1 | 0x105 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:14.871726036 CET | 192.168.2.8 | 1.1.1.1 | 0x8f0f | Standard query (0) | star-mini.c10r.facebook.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:15.097619057 CET | 192.168.2.8 | 1.1.1.1 | 0x5ee2 | Standard query (0) | youtube-ui.l.google.com | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:15.098098993 CET | 192.168.2.8 | 1.1.1.1 | 0xae00 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:15.101005077 CET | 192.168.2.8 | 1.1.1.1 | 0x5476 | Standard query (0) | star-mini.c10r.facebook.com | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:15.340311050 CET | 192.168.2.8 | 1.1.1.1 | 0xaba9 | Standard query (0) | www.wikipedia.org | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:15.340775967 CET | 192.168.2.8 | 1.1.1.1 | 0xcfcd | Standard query (0) | www.reddit.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:15.351752996 CET | 192.168.2.8 | 1.1.1.1 | 0xdf99 | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:15.574369907 CET | 192.168.2.8 | 1.1.1.1 | 0x2e78 | Standard query (0) | reddit.map.fastly.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:15.586981058 CET | 192.168.2.8 | 1.1.1.1 | 0xfbe6 | Standard query (0) | dyna.wikimedia.org | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:15.587378025 CET | 192.168.2.8 | 1.1.1.1 | 0x272 | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:15.801877022 CET | 192.168.2.8 | 1.1.1.1 | 0x1bdf | Standard query (0) | reddit.map.fastly.net | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:15.814071894 CET | 192.168.2.8 | 1.1.1.1 | 0x77f8 | Standard query (0) | dyna.wikimedia.org | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:15.814591885 CET | 192.168.2.8 | 1.1.1.1 | 0xe7ca | Standard query (0) | twitter.com | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:16.029794931 CET | 192.168.2.8 | 1.1.1.1 | 0x337 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:18.751729012 CET | 192.168.2.8 | 1.1.1.1 | 0x944d | Standard query (0) | push.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:21.337004900 CET | 192.168.2.8 | 1.1.1.1 | 0xcb14 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:31.021117926 CET | 192.168.2.8 | 1.1.1.1 | 0x10df | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:31.249428988 CET | 192.168.2.8 | 1.1.1.1 | 0x72a4 | Standard query (0) | push.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:36.239372015 CET | 192.168.2.8 | 1.1.1.1 | 0xc2fc | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:36.240709066 CET | 192.168.2.8 | 1.1.1.1 | 0x274f | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:36.268675089 CET | 192.168.2.8 | 1.1.1.1 | 0x26ea | Standard query (0) | normandy.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:36.468909025 CET | 192.168.2.8 | 1.1.1.1 | 0x68f2 | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:36.496134996 CET | 192.168.2.8 | 1.1.1.1 | 0x227f | Standard query (0) | normandy-cdn.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:36.697613955 CET | 192.168.2.8 | 1.1.1.1 | 0x9320 | Standard query (0) | services.addons.mozilla.org | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:36.723248005 CET | 192.168.2.8 | 1.1.1.1 | 0xa2ca | Standard query (0) | normandy-cdn.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Nov 21, 2024 10:38:37.517232895 CET | 192.168.2.8 | 1.1.1.1 | 0x8e15 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:38:37.746458054 CET | 192.168.2.8 | 1.1.1.1 | 0x4574 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | AAAA (28) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:53.315332890 CET192.168.2.81.1.1.10x236dStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:53.543605089 CET192.168.2.81.1.1.10xf410Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:05.686288118 CET192.168.2.81.1.1.10x8ac7Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:34.738724947 CET192.168.2.81.1.1.10x35f5Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:34.966331005 CET192.168.2.81.1.1.10x4e30Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:36.184217930 CET192.168.2.81.1.1.10xd5ddStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 21, 2024 10:38:08.575092077 CET | 1.1.1.1 | 192.168.2.8 | 0xe61d | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:08.575092077 CET | 1.1.1.1 | 192.168.2.8 | 0xe61d | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:08.583781958 CET | 1.1.1.1 | 192.168.2.8 | 0x35bd | No error (0) | youtube.com | | 142.250.184.206 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:08.584435940 CET | 1.1.1.1 | 192.168.2.8 | 0x8fc2 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.070564985 CET | 1.1.1.1 | 192.168.2.8 | 0xe619 | No error (0) | youtube.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.070583105 CET | 1.1.1.1 | 192.168.2.8 | 0xeb2d | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.070593119 CET | 1.1.1.1 | 192.168.2.8 | 0x2c7c | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.299333096 CET | 1.1.1.1 | 192.168.2.8 | 0x2901 | No error (0) | youtube.com | | | 28 | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.299345970 CET | 1.1.1.1 | 192.168.2.8 | 0xae5e | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | | 28 | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.395528078 CET | 1.1.1.1 | 192.168.2.8 | 0xab3f | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.396975040 CET | 1.1.1.1 | 192.168.2.8 | 0xb98 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.396975040 CET | 1.1.1.1 | 192.168.2.8 | 0xb98 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.411684990 CET | 1.1.1.1 | 192.168.2.8 | 0x60af | No error (0) | spocs.getpocket.com | prod.ads.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.411684990 CET | 1.1.1.1 | 192.168.2.8 | 0x60af | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.622616053 CET | 1.1.1.1 | 192.168.2.8 | 0x6998 | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.625464916 CET | 1.1.1.1 | 192.168.2.8 | 0x7a94 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.641154051 CET | 1.1.1.1 | 192.168.2.8 | 0x9c18 | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.667258978 CET | 1.1.1.1 | 192.168.2.8 | 0xcafc | No error (0) | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.667258978 CET | 1.1.1.1 | 192.168.2.8 | 0xcafc | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.667258978 CET | 1.1.1.1 | 192.168.2.8 | 0xcafc | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:09.832014084 CET | 1.1.1.1 | 192.168.2.8 | 0x5c6a | No error (0) | shavar.services.mozilla.com | shavar.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.078226089 CET | 1.1.1.1 | 192.168.2.8 | 0xc4e4 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.182411909 CET | 1.1.1.1 | 192.168.2.8 | 0xb3db | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.305464983 CET | 1.1.1.1 | 192.168.2.8 | 0x4890 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | | 28 | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.409779072 CET | 1.1.1.1 | 192.168.2.8 | 0xce6b | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.685347080 CET | 1.1.1.1 | 192.168.2.8 | 0x8fc0 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.701445103 CET | 1.1.1.1 | 192.168.2.8 | 0x7970 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.701445103 CET | 1.1.1.1 | 192.168.2.8 | 0x7970 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.708797932 CET | 1.1.1.1 | 192.168.2.8 | 0x76d3 | No error (0) | firefox.settings.services.mozilla.com | prod.remote-settings.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.708797932 CET | 1.1.1.1 | 192.168.2.8 | 0x76d3 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | | 34.149.100.209 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.809987068 CET | 1.1.1.1 | 192.168.2.8 | 0xc820 | No error (0) | example.org | | 93.184.215.14 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.845455885 CET | 1.1.1.1 | 192.168.2.8 | 0x4a47 | No error (0) | ipv4only.arpa | | 192.0.0.171 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.845455885 CET | 1.1.1.1 | 192.168.2.8 | 0x4a47 | No error (0) | ipv4only.arpa | | 192.0.0.170 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.846605062 CET | 1.1.1.1 | 192.168.2.8 | 0xbb24 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.846605062 CET | 1.1.1.1 | 192.168.2.8 | 0xbb24 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.987745047 CET | 1.1.1.1 | 192.168.2.8 | 0x33a0 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:10.987962008 CET | 1.1.1.1 | 192.168.2.8 | 0xcd9d | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | | 34.149.100.209 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:12.267008066 CET | 1.1.1.1 | 192.168.2.8 | 0xa3a3 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.520296097 CET | 1.1.1.1 | 192.168.2.8 | 0xdad0 | No error (0) | www.facebook.com | star-mini.c10r.facebook.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.520296097 CET | 1.1.1.1 | 192.168.2.8 | 0xdad0 | No error (0) | star-mini.c10r.facebook.com | | 157.240.251.35 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.520999908 CET | 1.1.1.1 | 192.168.2.8 | 0x11fc | No error (0) | support.mozilla.org | prod.sumo.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.520999908 CET | 1.1.1.1 | 192.168.2.8 | 0x11fc | No error (0) | prod.sumo.prod.webservices.mozgcp.net | us-west1.prod.sumo.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.520999908 CET | 1.1.1.1 | 192.168.2.8 | 0x11fc | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | | 34.149.128.2 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | www.youtube.com | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 172.217.16.206 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 142.250.185.78 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 142.250.186.78 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 216.58.212.142 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 216.58.206.78 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 142.250.185.174 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 142.250.186.174 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 216.58.212.174 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 142.250.186.142 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 142.250.185.142 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 142.250.185.206 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 142.250.186.46 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 142.250.186.110 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 10:38:14.521493912 CET | 1.1.1.1 | 192.168.2.8 | 0xad52 | No error (0) | youtube-ui.l.google.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false |
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.521493912 CET1.1.1.1192.168.2.80xad52No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:14.521493912 CET1.1.1.1192.168.2.80xad52No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.096919060 CET1.1.1.1192.168.2.80x44e6No error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.097676992 CET1.1.1.1192.168.2.80x105No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.100620031 CET1.1.1.1192.168.2.80x8f0fNo error (0)star-mini.c10r.facebook.com157.240.253.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.333209038 CET1.1.1.1192.168.2.80x5ee2No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.333209038 CET1.1.1.1192.168.2.80x5ee2No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.333209038 CET1.1.1.1192.168.2.80x5ee2No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.333209038 CET1.1.1.1192.168.2.80x5ee2No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.336313009 CET1.1.1.1192.168.2.80x5476No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.566057920 CET1.1.1.1192.168.2.80xaba9No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.566057920 CET1.1.1.1192.168.2.80xaba9No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.566843033 CET1.1.1.1192.168.2.80xcfcdNo error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.566843033 CET1.1.1.1192.168.2.80xcfcdNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.566843033 CET1.1.1.1192.168.2.80xcfcdNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.566843033 CET1.1.1.1192.168.2.80xcfcdNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.566843033 CET1.1.1.1192.168.2.80xcfcdNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.577344894 CET1.1.1.1192.168.2.80xdf99No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.801232100 CET1.1.1.1192.168.2.80x2e78No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.801232100 CET1.1.1.1192.168.2.80x2e78No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.801232100 CET1.1.1.1192.168.2.80x2e78No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.801232100 CET1.1.1.1192.168.2.80x2e78No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.813503981 CET1.1.1.1192.168.2.80xfbe6No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:15.814126015 CET1.1.1.1192.168.2.80x272No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:16.040122032 CET1.1.1.1192.168.2.80x77f8No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:31.248342991 CET1.1.1.1192.168.2.80x10dfNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.467454910 CET1.1.1.1192.168.2.80xc2fcNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.467454910 CET1.1.1.1192.168.2.80xc2fcNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.467454910 CET1.1.1.1192.168.2.80xc2fcNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.467454910 CET1.1.1.1192.168.2.80xc2fcNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.494971991 CET1.1.1.1192.168.2.80x26eaNo error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.494971991 CET1.1.1.1192.168.2.80x26eaNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.696012020 CET1.1.1.1192.168.2.80x68f2No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.696012020 CET1.1.1.1192.168.2.80x68f2No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.696012020 CET1.1.1.1192.168.2.80x68f2No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.696012020 CET1.1.1.1192.168.2.80x68f2No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.722419024 CET1.1.1.1192.168.2.80x227fNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.923429012 CET1.1.1.1192.168.2.80x9320No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.923429012 CET1.1.1.1192.168.2.80x9320No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.923429012 CET1.1.1.1192.168.2.80x9320No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:36.923429012 CET1.1.1.1192.168.2.80x9320No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.744740009 CET1.1.1.1192.168.2.80x8e15No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:37.744740009 CET1.1.1.1192.168.2.80x8e15No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
Nov 21, 2024 10:38:37.972645044 CET | 1.1.1.1 | 192.168.2.8 | 0x4574 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 28 | IN (0x0001) | false
Nov 21, 2024 10:38:39.314279079 CET | 1.1.1.1 | 192.168.2.8 | 0xfe39 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 10:38:39.314279079 CET | 1.1.1.1 | 192.168.2.8 | 0xfe39 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 10:38:53.541647911 CET | 1.1.1.1 | 192.168.2.8 | 0x236d | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:39:05.680237055 CET | 1.1.1.1 | 192.168.2.8 | 0x49b3 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:39:34.965511084 CET | 1.1.1.1 | 192.168.2.8 | 0x35f5 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 10:39:36.411194086 CET | 1.1.1.1 | 192.168.2.8 | 0xd5dd | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 10:39:36.411194086 CET | 1.1.1.1 | 192.168.2.8 | 0xd5dd | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49716 | 34.107.221.82 | 80 | 8124 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 21, 2024 10:38:09.419862986 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 10:38:10.551326990 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 11:18:31 GMT
Age: 80379
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49730 | 34.107.221.82 | 80 | 8124 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 21, 2024 10:38:10.971131086 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 10:38:12.172961950 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 45914
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49731 | 34.107.221.82 | 80 | 8124 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 21, 2024 10:38:10.971335888 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 10:38:12.109183073 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 57854
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 10:38:14.313684940 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 10:38:14.637523890 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 57857
Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:18.714293957 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:19.038141966 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 57861
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:21.016073942 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:21.339987040 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 57864
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.649060011 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.972570896 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 57865
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.070290089 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.393702984 CET298INHTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 57867
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 10:38:25.344348907 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 10:38:25.668320894 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 57868
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 10:38:28.857253075 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 10:38:29.180799961 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 57872
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 10:38:32.516690016 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 10:38:32.840423107 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 57875
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 10:38:37.516882896 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 10:38:37.842749119 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 57880
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 10:38:39.086795092 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:39.410475016 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 57882
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:49.425466061 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:54.602946997 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:54.926702976 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 57897
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:04.930532932 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:06.917702913 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.241369963 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 57910
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.189024925 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.512763023 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 57911
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 10:39:18.526360989 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 21, 2024 10:39:28.655096054 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 21, 2024 10:39:36.183948994 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 10:39:36.507687092 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 57939
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 10:39:46.523359060 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 21, 2024 10:39:56.652540922 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 21, 2024 10:40:06.778019905 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49733 | 34.107.221.82 | 80 | 8124 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 21, 2024 10:38:12.267466068 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 10:38:13.398298979 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 45915
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 10:38:18.573204994 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 10:38:18.897128105 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 45920
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 10:38:21.008567095 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 10:38:21.332380056 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 45923
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 10:38:21.488790989 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.072964907 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 45923
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:22.181102991 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 45923
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.049063921 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.372980118 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 45926
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.396290064 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:24.720169067 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 45926
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.671303034 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:38:25.995372057 CET216INHTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 45927
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 10:38:29.189846039 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 10:38:29.513524055 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 45931
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 10:38:32.844377041 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 10:38:33.168051958 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 45935
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 10:38:37.854600906 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 10:38:38.178231001 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 45940
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 10:38:39.413511038 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 10:38:39.737098932 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 45941
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 10:38:49.742027998 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 21, 2024 10:38:54.929790020 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 10:38:55.259243965 CET  216  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 45957
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:05.269165993 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.244379044 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:07.655256987 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 45969
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.516560078 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:08.840022087 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 45970
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:18.842819929 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:28.971752882 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:36.511715889 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:36.835656881 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 45998
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:46.839849949 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:39:56.969033957 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 21, 2024 10:40:07.094558001 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
Target ID: 0
Start time: 04:38:00
Start date: 21/11/2024
Path: C:\Users\user\Desktop\file.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\file.exe"
Imagebase: 0x100000
File size: 922'112 bytes
MD5 hash: 825348BB7726434FF5305218F04085FA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 04:38:00
Start date: 21/11/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0xf0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 2
Start time: 04:38:00
Start date: 21/11/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6ee680000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 04:38:03
Start date: 21/11/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM chrome.exe /T
Imagebase: 0xf0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 04:38:03
Start date: 21/11/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6ee680000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 6
Start time: 04:38:03
Start date: 21/11/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM msedge.exe /T
Imagebase: 0xf0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

                                                                                                                                                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                                                                                                                                                          Start time:04:38:03
                                                                                                                                                                                                                                                                                                                                                          Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                                                                                                                                                                                          Start time:04:38:03
                                                                                                                                                                                                                                                                                                                                                          Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0xf0000
                                                                                                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                                                                                                                                                                                          Start time:04:38:03
                                                                                                                                                                                                                                                                                                                                                          Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                                                                                                                                                                                          Start time:04:38:03
                                                                                                                                                                                                                                                                                                                                                          Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0xf0000
                                                                                                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                                                                                                                                                                          Start time:04:38:03
                                                                                                                                                                                                                                                                                                                                                          Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                                                                                                                                                                          Start time:04:38:03
                                                                                                                                                                                                                                                                                                                                                          Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d20e0000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

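The process list above is the behaviour behind the "Credential Flusher" verdict: the sample force-kills running browsers (taskkill /F /IM opera.exe /T, taskkill /F /IM brave.exe /T) and, in the same second, relaunches Firefox in kiosk mode on a page whose query string carries a Google sign-in URL, so the victim is pressed into retyping credentials where an infostealer can read them. The detection logic below is an added example, not part of the Joe Sandbox report or of the sample's own code. It runs over constructed process-creation events modelled on the command lines shown above (plus two benign fillers), and the browser list, the sign-in host list and the 60-second correlation window are assumptions to tune per environment.

```python
import re
from datetime import datetime

# Browsers a credential flusher terminates before relaunching one in kiosk mode.
# Assumption: the report shows opera.exe and brave.exe being killed; the rest are added.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "opera.exe", "brave.exe"}
# Sign-in hosts worth alerting on when a kiosk-mode browser is pointed at them (assumption).
SIGNIN_HOSTS = {"accounts.google.com", "login.microsoftonline.com", "login.live.com"}

# Constructed process-creation events modelled on the report's process list; not a real export.
# The last two events are benign fillers that exercise the filtering and the time window.
SAMPLE_EVENTS = [
    {"time": "2024-11-21 04:38:03", "pid": 8, "image": r"C:\Windows\SysWOW64\taskkill.exe",
     "cmdline": "taskkill /F /IM opera.exe /T"},
    {"time": "2024-11-21 04:38:03", "pid": 9, "image": r"C:\Windows\System32\conhost.exe",
     "cmdline": r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"},
    {"time": "2024-11-21 04:38:03", "pid": 10, "image": r"C:\Windows\SysWOW64\taskkill.exe",
     "cmdline": "taskkill /F /IM brave.exe /T"},
    {"time": "2024-11-21 04:38:03", "pid": 11, "image": r"C:\Windows\System32\conhost.exe",
     "cmdline": r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"},
    {"time": "2024-11-21 04:38:03", "pid": 12, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk '
                '"https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" '
                '--no-default-browser-check --disable-popup-blocking'},
    {"time": "2024-11-21 04:38:03", "pid": 13, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk '
                'https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd '
                '--no-default-browser-check --disable-popup-blocking --attempting-deelevation'},
    {"time": "2024-11-21 04:45:10", "pid": 20, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" https://example.com/'},
    {"time": "2024-11-21 05:30:00", "pid": 21, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://accounts.google.com/'},
]

TOKEN_RE = re.compile(r'"[^"]*"|\S+')
HOST_RE = re.compile(r'https?://([^/?#&\s"]+)', re.IGNORECASE)

def tokenize(cmdline):
    """Split a Windows command line on whitespace, keeping quoted arguments together."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]

def image_name(token):
    return token.rsplit("\\", 1)[-1].lower()

def parse_taskkill(cmdline):
    """Return {'target', 'force', 'tree'} for a taskkill /IM invocation, else None."""
    toks = tokenize(cmdline)
    if not toks or image_name(toks[0]) not in ("taskkill", "taskkill.exe"):
        return None
    low = [t.lower() for t in toks]
    target = None
    for i, tok in enumerate(low):
        if tok == "/im" and i + 1 < len(low):
            target = low[i + 1]
    if target is None:
        return None
    return {"target": target, "force": "/f" in low, "tree": "/t" in low}

def signin_host_in(url):
    """First sign-in host in the URL, including one nested inside the query string."""
    for host in HOST_RE.findall(url):
        if host.lower() in SIGNIN_HOSTS:
            return host.lower()
    return None

def parse_kiosk_launch(cmdline):
    """Return {'browser', 'url', 'signin_host'} for a browser started with --kiosk, else None."""
    toks = tokenize(cmdline)
    if not toks or image_name(toks[0]) not in BROWSER_IMAGES:
        return None
    args = toks[1:]
    if "--kiosk" not in (a.lower() for a in args):
        return None
    urls = [a for a in args if a.lower().startswith(("http://", "https://"))]
    if not urls:
        return None
    return {"browser": image_name(toks[0]), "url": urls[0], "signin_host": signin_host_in(urls[0])}

def detect_credential_flusher(events, window_seconds=60):
    """Alert when a kiosk-mode browser aimed at a sign-in page follows forced browser kills."""
    kills, alerts = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.strptime(ev["time"], "%Y-%m-%d %H:%M:%S")
        kill = parse_taskkill(ev["cmdline"])
        if kill and kill["target"] in BROWSER_IMAGES:
            kills.append((t, kill["target"]))
            continue
        launch = parse_kiosk_launch(ev["cmdline"])
        if not launch or not launch["signin_host"]:
            continue
        recent = sorted({name for kt, name in kills if 0 <= (t - kt).total_seconds() <= window_seconds})
        if recent:
            alerts.append({"time": ev["time"], "pid": ev["pid"], "browser": launch["browser"],
                           "signin_host": launch["signin_host"], "killed": recent})
    return alerts

if __name__ == "__main__":
    for alert in detect_credential_flusher(SAMPLE_EVENTS):
        print(alert)
```

Run against the constructed events this raises two alerts, one per Firefox kiosk launch, each recording that brave.exe and opera.exe were killed in the preceding window; the plain Firefox start at 04:45:10 (no --kiosk) and the kiosk launch at 05:30:00 (no browser kill within 60 seconds) produce nothing. The URL check deliberately walks every host embedded in the URL rather than only the outer one, because the sample hides the sign-in page behind a youtube.com prefix; the kill step is required for the alert so that legitimate kiosk deployments that never terminate browsers stay quiet.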
Target ID:13
Start time:04:38:03
Start date:21/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff6d20e0000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                                                                                                                                                                                          Start time:04:38:03
                                                                                                                                                                                                                                                                                                                                                          Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d20e0000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                                                                                                                                                                          Start time:04:38:04
                                                                                                                                                                                                                                                                                                                                                          Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {034be005-e21b-42d6-ae40-adf8cf9373bc} 8124 "\\.\pipe\gecko-crash-server-pipe.8124" 2468646f310 socket
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d20e0000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                                                                                                                                                                          Start time:04:38:06
                                                                                                                                                                                                                                                                                                                                                          Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3432 -parentBuildID 20230927232528 -prefsHandle 3672 -prefMapHandle 3576 -prefsLen 26147 -prefMapSize 238442 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24471866-1448-4f7f-b506-87d896a05d40} 8124 "\\.\pipe\gecko-crash-server-pipe.8124" 24686440e10 rdd
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d20e0000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                                                                                                                                                                                          Start time:04:38:09
                                                                                                                                                                                                                                                                                                                                                          Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4964 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4960 -prefMapHandle 4956 -prefsLen 33272 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebcf2430-b053-4cc0-a9c1-aa9f8cc737b8} 8124 "\\.\pipe\gecko-crash-server-pipe.8124" 24698888d10 utility
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d20e0000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false
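The firefox.exe records above are the behaviour behind the report's "Credential Flusher" verdict: the browser is started in kiosk mode and pointed at a Google password-challenge page, with popup blocking and the default-browser prompt switched off. Note that the visible URL is on youtube.com; the sign-in URL rides inside its query string, so a detection that only inspects the outer host misses it. The following is an added example of a process-creation detection for this pattern, not code from Joe Sandbox or from the sample. The event records, parent image paths and the non-Firefox command lines are constructed for illustration; only the two firefox.exe command lines mirror the report.

```python
"""Flag 'credential flusher' browser launches in process-creation telemetry.

Added example; not Joe Sandbox code. Heuristic: a browser started in
kiosk/fullscreen mode whose URL, or a URL nested in its query string, points
at an identity-provider sign-in page. Events below are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "brave.exe"}
KIOSK_FLAGS = {"--kiosk", "-kiosk", "--start-fullscreen", "--app"}
# Flags that keep the victim locked in or suppress warnings (assumed list).
LOCKIN_FLAGS = {"--disable-popup-blocking", "--no-default-browser-check", "--noerrdialogs"}
IDP_HOSTS = {"accounts.google.com", "login.microsoftonline.com", "login.live.com",
             "appleid.apple.com", "www.facebook.com"}
LOGIN_PATH_RE = re.compile(r"/(signin|login|challenge/pwd|oauth2?/auth)", re.I)
# Zero-width lookahead so a URL embedded in another URL's query is also found.
NESTED_URL_RE = re.compile(r"(?=(https?://[^\s\"'&]+))", re.I)


@dataclass
class Finding:
    pid: int
    image: str
    kiosk_flags: list
    login_urls: list
    reasons: list = field(default_factory=list)


def tokenize(cmdline: str) -> list:
    """Split a Windows command line, keeping quoted paths as single tokens."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def image_name(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def login_urls_in(token: str) -> list:
    """Return every URL in the token (outer and nested) that looks like a sign-in page."""
    hits = []
    for url in NESTED_URL_RE.findall(token):
        parsed = urlparse(url)
        if (parsed.hostname or "") in IDP_HOSTS or LOGIN_PATH_RE.search(parsed.path):
            hits.append(url)
    return hits


def analyze(event: dict) -> Optional[Finding]:
    """Finding for a kiosk-mode browser aimed at a sign-in URL, else None."""
    toks = tokenize(event["cmdline"])
    if not toks or image_name(toks[0]) not in BROWSERS:
        return None
    kiosk = [t for t in toks[1:] if t.split("=", 1)[0] in KIOSK_FLAGS]
    if not kiosk:
        return None  # kiosk mode alone is normal for signage and POS terminals
    urls = [u for t in toks[1:] for u in login_urls_in(t)]
    if not urls:
        return None
    f = Finding(event["pid"], image_name(toks[0]), kiosk, urls)
    f.reasons.append("kiosk-mode browser launched directly to a sign-in URL")
    extra = [t for t in toks[1:] if t in LOCKIN_FLAGS]
    if extra:
        f.reasons.append("lock-in flags: " + ", ".join(extra))
    parent = image_name(event.get("parent_image", ""))
    if parent and parent not in BROWSERS:
        f.reasons.append(f"parent is non-browser process {parent}")
    return f


def scan(events) -> list:
    return [f for f in (analyze(e) for e in events) if f]


# Constructed events. PIDs, parent paths and the chrome.exe/plain-firefox lines
# are invented; the two firefox.exe command lines follow the report.
SAMPLE_EVENTS = [
    {"pid": 13, "parent_image": r"C:\Users\user\Desktop\file.exe",
     "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk '
                r'https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd '
                r'--no-default-browser-check --disable-popup-blocking --attempting-deelevation'},
    {"pid": 16, "parent_image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 '
                r'-appDir "C:\Program Files\Mozilla Firefox\browser" socket'},
    {"pid": 21, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk '
                r'http://signage.corp.local/dashboard'},
    {"pid": 22, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/signin'},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"PID {hit.pid} {hit.image}: " + "; ".join(hit.reasons))
```

Only the first event fires: the content process (no kiosk flag), the signage kiosk (no sign-in URL) and the ordinary sign-in visit (no kiosk flag) all stay quiet, which is the point of requiring both conditions rather than alerting on `--kiosk` alone.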


Execution Graph

Execution Coverage: 2%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 4.7%
Total number of Nodes: 1524
Total number of Limit Nodes: 55

execution_graph: [interactive graph; the raw node/edge dump is omitted here. Nodes are functions identified by address, each annotated with the calls it reaches. Win32 APIs named in the graph: RtlAllocateHeap, RaiseException, VariantClear, CharUpperBuffW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, EnterCriticalSection, LeaveCriticalSection, WaitForSingleObjectEx, SetEvent, ResetEvent, SetTimer, KillTimer, RegisterWindowMessageW, CreatePopupMenu, Shell_NotifyIconW, PostQuitMessage, DefWindowProcW, MoveWindow, SetFocus, DeleteObject, DestroyWindow. CRT symbols named: __wsopen_s, __fread_nolock, _wcslen, __dosmaperr, ___std_exception_copy, ___scrt_fastfail, pre_c_initialization, __onexit, _unexpected, __Init_thread_footer.]
96291->96264 96292->96244 96294 103a13 96293->96294 96295 10393f 96293->96295 96294->96274 96315 106270 96295->96315 96298 143393 LoadStringW 96301 1433ad 96298->96301 96299 10395a 96320 106b57 96299->96320 96309 103994 ___scrt_fastfail 96301->96309 96333 10a8c7 22 API calls __fread_nolock 96301->96333 96302 10396f 96303 10397c 96302->96303 96304 1433c9 96302->96304 96303->96301 96306 103986 96303->96306 96334 106350 22 API calls 96304->96334 96332 106350 22 API calls 96306->96332 96312 1039f9 Shell_NotifyIconW 96309->96312 96310 1433d7 96310->96309 96335 1033c6 96310->96335 96312->96294 96313 1433f9 96314 1033c6 22 API calls 96313->96314 96314->96309 96316 11fe0b 22 API calls 96315->96316 96317 106295 96316->96317 96318 11fddb 22 API calls 96317->96318 96319 10394d 96318->96319 96319->96298 96319->96299 96321 144ba1 96320->96321 96322 106b67 _wcslen 96320->96322 96345 1093b2 96321->96345 96325 106ba2 96322->96325 96326 106b7d 96322->96326 96324 144baa 96324->96324 96328 11fddb 22 API calls 96325->96328 96344 106f34 22 API calls 96326->96344 96330 106bae 96328->96330 96329 106b85 __fread_nolock 96329->96302 96331 11fe0b 22 API calls 96330->96331 96331->96329 96332->96309 96333->96309 96334->96310 96336 1033dd 96335->96336 96337 1430bb 96335->96337 96349 1033ee 96336->96349 96338 11fddb 22 API calls 96337->96338 96341 1430c5 _wcslen 96338->96341 96340 1033e8 96340->96313 96342 11fe0b 22 API calls 96341->96342 96343 1430fe __fread_nolock 96342->96343 96344->96329 96346 1093c0 96345->96346 96348 1093c9 __fread_nolock 96345->96348 96347 10aec9 22 API calls 96346->96347 96346->96348 96347->96348 96348->96324 96350 1033fe _wcslen 96349->96350 96351 103411 96350->96351 96352 14311d 96350->96352 96359 10a587 96351->96359 96354 11fddb 22 API calls 96352->96354 96356 143127 96354->96356 96355 10341e __fread_nolock 96355->96340 96357 11fe0b 22 API calls 96356->96357 96358 143157 __fread_nolock 96357->96358 96360 10a59d 96359->96360 96363 10a598 __fread_nolock 96359->96363 
96361 14f80f 96360->96361 96362 11fe0b 22 API calls 96360->96362 96362->96363 96363->96355 96365 1435a4 96364->96365 96366 1038b7 96364->96366 96365->96366 96367 1435ad DestroyIcon 96365->96367 96366->96285 96368 16c874 42 API calls _strftime 96366->96368 96367->96366 96368->96285 96369 102e37 96370 10a961 22 API calls 96369->96370 96371 102e4d 96370->96371 96448 104ae3 96371->96448 96373 102e6b 96462 103a5a 96373->96462 96375 102e7f 96469 109cb3 96375->96469 96380 142cb0 96515 172cf9 96380->96515 96381 102ead 96497 10a8c7 22 API calls __fread_nolock 96381->96497 96383 142cc3 96385 142ccf 96383->96385 96541 104f39 96383->96541 96390 104f39 68 API calls 96385->96390 96386 102ec3 96498 106f88 22 API calls 96386->96498 96389 102ecf 96392 109cb3 22 API calls 96389->96392 96391 142ce5 96390->96391 96547 103084 22 API calls 96391->96547 96393 102edc 96392->96393 96499 10a81b 41 API calls 96393->96499 96396 102eec 96398 109cb3 22 API calls 96396->96398 96397 142d02 96548 103084 22 API calls 96397->96548 96400 102f12 96398->96400 96500 10a81b 41 API calls 96400->96500 96401 142d1e 96403 103a5a 24 API calls 96401->96403 96405 142d44 96403->96405 96404 102f21 96407 10a961 22 API calls 96404->96407 96549 103084 22 API calls 96405->96549 96409 102f3f 96407->96409 96408 142d50 96550 10a8c7 22 API calls __fread_nolock 96408->96550 96501 103084 22 API calls 96409->96501 96411 142d5e 96551 103084 22 API calls 96411->96551 96414 102f4b 96502 124a28 40 API calls 2 library calls 96414->96502 96415 142d6d 96552 10a8c7 22 API calls __fread_nolock 96415->96552 96417 102f59 96417->96391 96418 102f63 96417->96418 96503 124a28 40 API calls 2 library calls 96418->96503 96421 142d83 96553 103084 22 API calls 96421->96553 96422 102f6e 96422->96397 96424 102f78 96422->96424 96504 124a28 40 API calls 2 library calls 96424->96504 96425 142d90 96427 102f83 96427->96401 96428 102f8d 96427->96428 96505 124a28 40 API calls 2 library calls 96428->96505 96430 102f98 96431 102fdc 96430->96431 96506 
103084 22 API calls 96430->96506 96431->96415 96432 102fe8 96431->96432 96432->96425 96509 1063eb 22 API calls 96432->96509 96434 102fbf 96507 10a8c7 22 API calls __fread_nolock 96434->96507 96437 102ff8 96510 106a50 22 API calls 96437->96510 96438 102fcd 96508 103084 22 API calls 96438->96508 96440 103006 96511 1070b0 23 API calls 96440->96511 96445 103021 96446 103065 96445->96446 96512 106f88 22 API calls 96445->96512 96513 1070b0 23 API calls 96445->96513 96514 103084 22 API calls 96445->96514 96449 104af0 __wsopen_s 96448->96449 96450 106b57 22 API calls 96449->96450 96451 104b22 96449->96451 96450->96451 96461 104b58 96451->96461 96554 104c6d 96451->96554 96453 104c6d 22 API calls 96453->96461 96454 109cb3 22 API calls 96456 104c52 96454->96456 96455 109cb3 22 API calls 96455->96461 96457 10515f 22 API calls 96456->96457 96459 104c5e 96457->96459 96459->96373 96460 104c29 96460->96454 96460->96459 96461->96453 96461->96455 96461->96460 96557 10515f 96461->96557 96563 141f50 96462->96563 96465 109cb3 22 API calls 96466 103a8d 96465->96466 96565 103aa2 96466->96565 96468 103a97 96468->96375 96470 109cc2 _wcslen 96469->96470 96471 11fe0b 22 API calls 96470->96471 96472 109cea __fread_nolock 96471->96472 96473 11fddb 22 API calls 96472->96473 96474 102e8c 96473->96474 96475 104ecb 96474->96475 96585 104e90 LoadLibraryA 96475->96585 96480 104ef6 LoadLibraryExW 96593 104e59 LoadLibraryA 96480->96593 96481 143ccf 96483 104f39 68 API calls 96481->96483 96484 143cd6 96483->96484 96486 104e59 3 API calls 96484->96486 96488 143cde 96486->96488 96615 1050f5 40 API calls __fread_nolock 96488->96615 96489 104f20 96489->96488 96490 104f2c 96489->96490 96492 104f39 68 API calls 96490->96492 96494 102ea5 96492->96494 96493 143cf5 96616 1728fe 27 API calls 96493->96616 96494->96380 96494->96381 96496 143d05 96497->96386 96498->96389 96499->96396 96500->96404 96501->96414 96502->96417 96503->96422 96504->96427 96505->96430 96506->96434 96507->96438 96508->96431 96509->96437 
96510->96440 96511->96445 96512->96445 96513->96445 96514->96445 96516 172d15 96515->96516 96699 10511f 64 API calls 96516->96699 96518 172d29 96700 172e66 75 API calls 96518->96700 96520 172d3b 96539 172d3f 96520->96539 96701 1050f5 40 API calls __fread_nolock 96520->96701 96522 172d56 96702 1050f5 40 API calls __fread_nolock 96522->96702 96524 172d66 96703 1050f5 40 API calls __fread_nolock 96524->96703 96526 172d81 96704 1050f5 40 API calls __fread_nolock 96526->96704 96528 172d9c 96705 10511f 64 API calls 96528->96705 96530 172db3 96531 12ea0c ___std_exception_copy 21 API calls 96530->96531 96532 172dba 96531->96532 96533 12ea0c ___std_exception_copy 21 API calls 96532->96533 96534 172dc4 96533->96534 96706 1050f5 40 API calls __fread_nolock 96534->96706 96536 172dd8 96707 1728fe 27 API calls 96536->96707 96538 172dee 96538->96539 96708 1722ce 79 API calls 96538->96708 96539->96383 96542 104f43 96541->96542 96543 104f4a 96541->96543 96709 12e678 96542->96709 96545 104f59 96543->96545 96546 104f6a FreeLibrary 96543->96546 96545->96385 96546->96545 96547->96397 96548->96401 96549->96408 96550->96411 96551->96415 96552->96421 96553->96425 96555 10aec9 22 API calls 96554->96555 96556 104c78 96555->96556 96556->96451 96558 10518f __fread_nolock 96557->96558 96559 10516e 96557->96559 96560 11fddb 22 API calls 96558->96560 96561 11fe0b 22 API calls 96559->96561 96562 1051a2 96560->96562 96561->96558 96562->96461 96564 103a67 GetModuleFileNameW 96563->96564 96564->96465 96566 141f50 __wsopen_s 96565->96566 96567 103aaf GetFullPathNameW 96566->96567 96568 103ae9 96567->96568 96569 103ace 96567->96569 96579 10a6c3 96568->96579 96570 106b57 22 API calls 96569->96570 96572 103ada 96570->96572 96575 1037a0 96572->96575 96576 1037ae 96575->96576 96577 1093b2 22 API calls 96576->96577 96578 1037c2 96577->96578 96578->96468 96580 10a6dd 96579->96580 96584 10a6d0 96579->96584 96581 11fddb 22 API calls 96580->96581 96582 10a6e7 96581->96582 96583 11fe0b 22 API calls 96582->96583 
96583->96584 96584->96572 96586 104ec6 96585->96586 96587 104ea8 GetProcAddress 96585->96587 96590 12e5eb 96586->96590 96588 104eb8 96587->96588 96588->96586 96589 104ebf FreeLibrary 96588->96589 96589->96586 96617 12e52a 96590->96617 96592 104eea 96592->96480 96592->96481 96594 104e8d 96593->96594 96595 104e6e GetProcAddress 96593->96595 96598 104f80 96594->96598 96596 104e7e 96595->96596 96596->96594 96597 104e86 FreeLibrary 96596->96597 96597->96594 96599 11fe0b 22 API calls 96598->96599 96600 104f95 96599->96600 96685 105722 96600->96685 96602 104fa1 __fread_nolock 96603 1050a5 96602->96603 96604 143d1d 96602->96604 96614 104fdc 96602->96614 96688 1042a2 CreateStreamOnHGlobal 96603->96688 96696 17304d 74 API calls 96604->96696 96607 143d22 96697 10511f 64 API calls 96607->96697 96610 143d45 96698 1050f5 40 API calls __fread_nolock 96610->96698 96613 10506e messages 96613->96489 96614->96607 96614->96613 96694 1050f5 40 API calls __fread_nolock 96614->96694 96695 10511f 64 API calls 96614->96695 96615->96493 96616->96496 96620 12e536 CallCatchBlock 96617->96620 96618 12e544 96642 12f2d9 20 API calls __dosmaperr 96618->96642 96620->96618 96622 12e574 96620->96622 96621 12e549 96643 1327ec 26 API calls _strftime 96621->96643 96624 12e586 96622->96624 96625 12e579 96622->96625 96634 138061 96624->96634 96644 12f2d9 20 API calls __dosmaperr 96625->96644 96628 12e58f 96629 12e5a2 96628->96629 96630 12e595 96628->96630 96646 12e5d4 LeaveCriticalSection __fread_nolock 96629->96646 96645 12f2d9 20 API calls __dosmaperr 96630->96645 96632 12e554 __wsopen_s 96632->96592 96635 13806d CallCatchBlock 96634->96635 96647 132f5e EnterCriticalSection 96635->96647 96637 13807b 96648 1380fb 96637->96648 96641 1380ac __wsopen_s 96641->96628 96642->96621 96643->96632 96644->96632 96645->96632 96646->96632 96647->96637 96649 13811e 96648->96649 96650 138177 96649->96650 96657 138088 96649->96657 96664 12918d EnterCriticalSection 96649->96664 96665 1291a1 LeaveCriticalSection 
96649->96665 96666 134c7d 96650->96666 96655 138189 96655->96657 96679 133405 11 API calls 2 library calls 96655->96679 96661 1380b7 96657->96661 96658 1381a8 96680 12918d EnterCriticalSection 96658->96680 96684 132fa6 LeaveCriticalSection 96661->96684 96663 1380be 96663->96641 96664->96649 96665->96649 96671 134c8a _unexpected 96666->96671 96667 134cca 96682 12f2d9 20 API calls __dosmaperr 96667->96682 96668 134cb5 RtlAllocateHeap 96669 134cc8 96668->96669 96668->96671 96673 1329c8 96669->96673 96671->96667 96671->96668 96681 124ead 7 API calls 2 library calls 96671->96681 96674 1329d3 RtlFreeHeap 96673->96674 96675 1329fc __dosmaperr 96673->96675 96674->96675 96676 1329e8 96674->96676 96675->96655 96683 12f2d9 20 API calls __dosmaperr 96676->96683 96678 1329ee GetLastError 96678->96675 96679->96658 96680->96657 96681->96671 96682->96669 96683->96678 96684->96663 96686 11fddb 22 API calls 96685->96686 96687 105734 96686->96687 96687->96602 96689 1042bc FindResourceExW 96688->96689 96693 1042d9 96688->96693 96690 1435ba LoadResource 96689->96690 96689->96693 96691 1435cf SizeofResource 96690->96691 96690->96693 96692 1435e3 LockResource 96691->96692 96691->96693 96692->96693 96693->96614 96694->96614 96695->96614 96696->96607 96697->96610 96698->96613 96699->96518 96700->96520 96701->96522 96702->96524 96703->96526 96704->96528 96705->96530 96706->96536 96707->96538 96708->96539 96710 12e684 CallCatchBlock 96709->96710 96711 12e695 96710->96711 96712 12e6aa 96710->96712 96739 12f2d9 20 API calls __dosmaperr 96711->96739 96720 12e6a5 __wsopen_s 96712->96720 96722 12918d EnterCriticalSection 96712->96722 96714 12e69a 96740 1327ec 26 API calls _strftime 96714->96740 96717 12e6c6 96723 12e602 96717->96723 96719 12e6d1 96741 12e6ee LeaveCriticalSection __fread_nolock 96719->96741 96720->96543 96722->96717 96724 12e624 96723->96724 96725 12e60f 96723->96725 96730 12e61f 96724->96730 96742 12dc0b 96724->96742 96774 12f2d9 20 API calls __dosmaperr 96725->96774 96727 12e614 
96775 1327ec 26 API calls _strftime 96727->96775 96730->96719 96735 12e646 96759 13862f 96735->96759 96738 1329c8 _free 20 API calls 96738->96730 96739->96714 96740->96720 96741->96720 96743 12dc23 96742->96743 96745 12dc1f 96742->96745 96744 12d955 __fread_nolock 26 API calls 96743->96744 96743->96745 96746 12dc43 96744->96746 96748 134d7a 96745->96748 96776 1359be 62 API calls 4 library calls 96746->96776 96749 134d90 96748->96749 96750 12e640 96748->96750 96749->96750 96751 1329c8 _free 20 API calls 96749->96751 96752 12d955 96750->96752 96751->96750 96753 12d961 96752->96753 96754 12d976 96752->96754 96777 12f2d9 20 API calls __dosmaperr 96753->96777 96754->96735 96756 12d966 96778 1327ec 26 API calls _strftime 96756->96778 96758 12d971 96758->96735 96760 138653 96759->96760 96761 13863e 96759->96761 96763 13868e 96760->96763 96768 13867a 96760->96768 96782 12f2c6 20 API calls __dosmaperr 96761->96782 96784 12f2c6 20 API calls __dosmaperr 96763->96784 96765 138643 96783 12f2d9 20 API calls __dosmaperr 96765->96783 96766 138693 96785 12f2d9 20 API calls __dosmaperr 96766->96785 96779 138607 96768->96779 96771 12e64c 96771->96730 96771->96738 96772 13869b 96786 1327ec 26 API calls _strftime 96772->96786 96774->96727 96775->96730 96776->96745 96777->96756 96778->96758 96787 138585 96779->96787 96781 13862b 96781->96771 96782->96765 96783->96771 96784->96766 96785->96772 96786->96771 96788 138591 CallCatchBlock 96787->96788 96798 135147 EnterCriticalSection 96788->96798 96790 13859f 96791 1385d1 96790->96791 96792 1385c6 96790->96792 96814 12f2d9 20 API calls __dosmaperr 96791->96814 96799 1386ae 96792->96799 96795 1385cc 96815 1385fb LeaveCriticalSection __wsopen_s 96795->96815 96797 1385ee __wsopen_s 96797->96781 96798->96790 96816 1353c4 96799->96816 96801 1386be 96802 1386c4 96801->96802 96803 1386f6 96801->96803 96805 1353c4 __wsopen_s 26 API calls 96801->96805 96829 135333 21 API calls 2 library calls 96802->96829 96803->96802 96806 1353c4 __wsopen_s 26 API 
calls 96803->96806 96808 1386ed 96805->96808 96809 138702 CloseHandle 96806->96809 96807 13871c 96810 13873e 96807->96810 96830 12f2a3 20 API calls __dosmaperr 96807->96830 96812 1353c4 __wsopen_s 26 API calls 96808->96812 96809->96802 96813 13870e GetLastError 96809->96813 96810->96795 96812->96803 96813->96802 96814->96795 96815->96797 96817 1353d1 96816->96817 96818 1353e6 96816->96818 96831 12f2c6 20 API calls __dosmaperr 96817->96831 96823 13540b 96818->96823 96833 12f2c6 20 API calls __dosmaperr 96818->96833 96821 1353d6 96832 12f2d9 20 API calls __dosmaperr 96821->96832 96823->96801 96824 135416 96834 12f2d9 20 API calls __dosmaperr 96824->96834 96825 1353de 96825->96801 96827 13541e 96835 1327ec 26 API calls _strftime 96827->96835 96829->96807 96830->96810 96831->96821 96832->96825 96833->96824 96834->96827 96835->96825 96836 101098 96841 1042de 96836->96841 96840 1010a7 96842 10a961 22 API calls 96841->96842 96843 1042f5 GetVersionExW 96842->96843 96844 106b57 22 API calls 96843->96844 96845 104342 96844->96845 96846 1093b2 22 API calls 96845->96846 96848 104378 96845->96848 96847 10436c 96846->96847 96850 1037a0 22 API calls 96847->96850 96849 10441b GetCurrentProcess IsWow64Process 96848->96849 96856 1437df 96848->96856 96851 104437 96849->96851 96850->96848 96852 143824 GetSystemInfo 96851->96852 96853 10444f LoadLibraryA 96851->96853 96854 104460 GetProcAddress 96853->96854 96855 10449c GetSystemInfo 96853->96855 96854->96855 96857 104470 GetNativeSystemInfo 96854->96857 96858 104476 96855->96858 96857->96858 96859 10109d 96858->96859 96860 10447a FreeLibrary 96858->96860 96861 1200a3 29 API calls __onexit 96859->96861 96860->96859 96861->96840 96862 1203fb 96863 120407 CallCatchBlock 96862->96863 96891 11feb1 96863->96891 96865 12040e 96866 120561 96865->96866 96869 120438 96865->96869 96921 12083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 96866->96921 96868 120568 96914 124e52 
96868->96914 96879 120477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 96869->96879 96902 13247d 96869->96902 96876 120457 96878 1204d8 96910 120959 96878->96910 96879->96878 96917 124e1a 38 API calls 3 library calls 96879->96917 96882 1204de 96883 1204f3 96882->96883 96918 120992 GetModuleHandleW 96883->96918 96885 1204fa 96885->96868 96886 1204fe 96885->96886 96887 120507 96886->96887 96919 124df5 28 API calls _abort 96886->96919 96920 120040 13 API calls 2 library calls 96887->96920 96890 12050f 96890->96876 96892 11feba 96891->96892 96923 120698 IsProcessorFeaturePresent 96892->96923 96894 11fec6 96924 122c94 10 API calls 3 library calls 96894->96924 96896 11fecb 96897 11fecf 96896->96897 96925 132317 96896->96925 96897->96865 96900 11fee6 96900->96865 96905 132494 96902->96905 96903 120a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 96904 120451 96903->96904 96904->96876 96906 132421 96904->96906 96905->96903 96907 132450 96906->96907 96908 120a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 96907->96908 96909 132479 96908->96909 96909->96879 96984 122340 96910->96984 96913 12097f 96913->96882 96986 124bcf 96914->96986 96917->96878 96918->96885 96919->96887 96920->96890 96921->96868 96923->96894 96924->96896 96929 13d1f6 96925->96929 96928 122cbd 8 API calls 3 library calls 96928->96897 96931 13d20f 96929->96931 96933 13d213 96929->96933 96947 120a8c 96931->96947 96932 11fed8 96932->96900 96932->96928 96933->96931 96935 134bfb 96933->96935 96936 134c07 CallCatchBlock 96935->96936 96954 132f5e EnterCriticalSection 96936->96954 96938 134c0e 96955 1350af 96938->96955 96940 134c1d 96946 134c2c 96940->96946 96968 134a8f 29 API calls 96940->96968 96943 134c27 96969 134b45 GetStdHandle GetFileType 96943->96969 96944 134c3d __wsopen_s 96944->96933 96970 134c48 
LeaveCriticalSection _abort 96946->96970 96948 120a97 IsProcessorFeaturePresent 96947->96948 96949 120a95 96947->96949 96951 120c5d 96948->96951 96949->96932 96983 120c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96951->96983 96953 120d40 96953->96932 96954->96938 96956 1350bb CallCatchBlock 96955->96956 96957 1350c8 96956->96957 96958 1350df 96956->96958 96979 12f2d9 20 API calls __dosmaperr 96957->96979 96971 132f5e EnterCriticalSection 96958->96971 96961 1350cd 96980 1327ec 26 API calls _strftime 96961->96980 96963 135117 96981 13513e LeaveCriticalSection _abort 96963->96981 96964 1350d7 __wsopen_s 96964->96940 96965 1350eb 96965->96963 96972 135000 96965->96972 96968->96943 96969->96946 96970->96944 96971->96965 96973 134c7d _unexpected 20 API calls 96972->96973 96975 135012 96973->96975 96974 13501f 96976 1329c8 _free 20 API calls 96974->96976 96975->96974 96982 133405 11 API calls 2 library calls 96975->96982 96977 135071 96976->96977 96977->96965 96979->96961 96980->96964 96981->96964 96982->96975 96983->96953 96985 12096c GetStartupInfoW 96984->96985 96985->96913 96987 124bdb _unexpected 96986->96987 96988 124be2 96987->96988 96989 124bf4 96987->96989 97025 124d29 GetModuleHandleW 96988->97025 97010 132f5e EnterCriticalSection 96989->97010 96992 124bfb 96998 124c70 96992->96998 97008 124c99 96992->97008 97011 1321a8 96992->97011 96993 124be7 96993->96989 97026 124d6d GetModuleHandleExW 96993->97026 96999 124c88 96998->96999 97003 132421 _abort 5 API calls 96998->97003 97004 132421 _abort 5 API calls 96999->97004 97000 124ce2 97034 141d29 5 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 97000->97034 97001 124cb6 97017 124ce8 97001->97017 97003->96999 97004->97008 97014 124cd9 97008->97014 97010->96992 97035 131ee1 97011->97035 97054 132fa6 LeaveCriticalSection 97014->97054 97016 124cb2 97016->97000 97016->97001 97055 13360c 
97017->97055 97020 124d16 97023 124d6d _abort 8 API calls 97020->97023 97021 124cf6 GetPEB 97021->97020 97022 124d06 GetCurrentProcess TerminateProcess 97021->97022 97022->97020 97024 124d1e ExitProcess 97023->97024 97025->96993 97027 124d97 GetProcAddress 97026->97027 97028 124dba 97026->97028 97029 124dac 97027->97029 97030 124dc0 FreeLibrary 97028->97030 97031 124dc9 97028->97031 97029->97028 97030->97031 97032 120a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 97031->97032 97033 124bf3 97032->97033 97033->96989 97038 131e90 97035->97038 97037 131f05 97037->96998 97039 131e9c CallCatchBlock 97038->97039 97046 132f5e EnterCriticalSection 97039->97046 97041 131eaa 97047 131f31 97041->97047 97045 131ec8 __wsopen_s 97045->97037 97046->97041 97048 131f51 97047->97048 97049 131f59 97047->97049 97050 120a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 97048->97050 97049->97048 97052 1329c8 _free 20 API calls 97049->97052 97051 131eb7 97050->97051 97053 131ed5 LeaveCriticalSection _abort 97051->97053 97052->97048 97053->97045 97054->97016 97056 133631 97055->97056 97057 133627 97055->97057 97062 132fd7 5 API calls 2 library calls 97056->97062 97059 120a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 97057->97059 97060 124cf2 97059->97060 97060->97020 97060->97021 97061 133648 97061->97057 97062->97061 97063 10105b 97068 10344d 97063->97068 97065 10106a 97099 1200a3 29 API calls __onexit 97065->97099 97067 101074 97069 10345d __wsopen_s 97068->97069 97070 10a961 22 API calls 97069->97070 97071 103513 97070->97071 97072 103a5a 24 API calls 97071->97072 97073 10351c 97072->97073 97100 103357 97073->97100 97076 1033c6 22 API calls 97077 103535 97076->97077 97078 10515f 22 API calls 97077->97078 97079 103544 97078->97079 97080 
10a961 22 API calls 97079->97080 97081 10354d 97080->97081 97082 10a6c3 22 API calls 97081->97082 97083 103556 RegOpenKeyExW 97082->97083 97084 143176 RegQueryValueExW 97083->97084 97088 103578 97083->97088 97085 143193 97084->97085 97086 14320c RegCloseKey 97084->97086 97087 11fe0b 22 API calls 97085->97087 97086->97088 97098 14321e _wcslen 97086->97098 97089 1431ac 97087->97089 97088->97065 97090 105722 22 API calls 97089->97090 97091 1431b7 RegQueryValueExW 97090->97091 97093 1431d4 97091->97093 97095 1431ee messages 97091->97095 97092 104c6d 22 API calls 97092->97098 97094 106b57 22 API calls 97093->97094 97094->97095 97095->97086 97096 109cb3 22 API calls 97096->97098 97097 10515f 22 API calls 97097->97098 97098->97088 97098->97092 97098->97096 97098->97097 97099->97067 97101 141f50 __wsopen_s 97100->97101 97102 103364 GetFullPathNameW 97101->97102 97103 103386 97102->97103 97104 106b57 22 API calls 97103->97104 97105 1033a4 97104->97105 97105->97076 97106 192a55 97114 171ebc 97106->97114 97109 192a87 97110 192a70 97116 1639c0 22 API calls 97110->97116 97112 192a7c 97117 16417d 22 API calls __fread_nolock 97112->97117 97115 171ec3 IsWindow 97114->97115 97115->97109 97115->97110 97116->97112 97117->97109 97118 10defc 97121 101d6f 97118->97121 97120 10df07 97122 101d8c 97121->97122 97130 101f6f 97122->97130 97124 101da6 97125 142759 97124->97125 97127 101e36 97124->97127 97128 101dc2 97124->97128 97134 17359c 82 API calls __wsopen_s 97125->97134 97127->97120 97128->97127 97133 10289a 23 API calls 97128->97133 97131 10ec40 348 API calls 97130->97131 97132 101f98 97131->97132 97132->97124 97133->97127 97134->97127 97135 10f7bf 97136 10f7d3 97135->97136 97137 10fcb6 97135->97137 97139 10fcc2 97136->97139 97140 11fddb 22 API calls 97136->97140 97138 10aceb 23 API calls 97137->97138 97138->97139 97141 10aceb 23 API calls 97139->97141 97142 10f7e5 97140->97142 97144 10fd3d 97141->97144 97142->97139 97143 10f83e 97142->97143 97142->97144 97161 10ed9d messages 
97143->97161 97170 111310 97143->97170 97229 171155 22 API calls 97144->97229 97147 10fef7 97147->97161 97231 10a8c7 22 API calls __fread_nolock 97147->97231 97150 154b0b 97233 17359c 82 API calls __wsopen_s 97150->97233 97151 154600 97151->97161 97230 10a8c7 22 API calls __fread_nolock 97151->97230 97156 10a8c7 22 API calls 97168 10ec76 messages 97156->97168 97158 120242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97158->97168 97159 10fbe3 97159->97161 97163 154bdc 97159->97163 97169 10f3ae messages 97159->97169 97160 10a961 22 API calls 97160->97168 97162 1200a3 29 API calls pre_c_initialization 97162->97168 97234 17359c 82 API calls __wsopen_s 97163->97234 97165 154beb 97235 17359c 82 API calls __wsopen_s 97165->97235 97166 1201f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 97166->97168 97167 11fddb 22 API calls 97167->97168 97168->97147 97168->97150 97168->97151 97168->97156 97168->97158 97168->97159 97168->97160 97168->97161 97168->97162 97168->97165 97168->97166 97168->97167 97168->97169 97227 1101e0 348 API calls 2 library calls 97168->97227 97228 1106a0 41 API calls messages 97168->97228 97169->97161 97232 17359c 82 API calls __wsopen_s 97169->97232 97171 1117b0 97170->97171 97172 111376 97170->97172 97275 120242 5 API calls __Init_thread_wait 97171->97275 97174 111390 97172->97174 97175 156331 97172->97175 97236 111940 97174->97236 97176 15633d 97175->97176 97279 18709c 348 API calls 97175->97279 97176->97168 97178 1117ba 97181 1117fb 97178->97181 97183 109cb3 22 API calls 97178->97183 97185 156346 97181->97185 97187 11182c 97181->97187 97182 111940 9 API calls 97184 1113b6 97182->97184 97191 1117d4 97183->97191 97184->97181 97186 1113ec 97184->97186 97280 17359c 82 API calls __wsopen_s 97185->97280 97186->97185 97210 111408 __fread_nolock 97186->97210 97188 10aceb 23 API calls 97187->97188 97190 111839 97188->97190 97277 11d217 348 API calls 97190->97277 

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 0010430D
  • Part of subcall function 00106B57: _wcslen.LIBCMT ref: 00106B6A
• GetCurrentProcess.KERNEL32(?,0019CB64,00000000,?,?), ref: 00104422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00104429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00104454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00104466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00104474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0010447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 001044A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 700ac80c662ee5ac448424bf281121790c484dd1d0bc6e8606ead97dfa84bf4b
• Instruction ID: d25767c5baea6b4199bb5d137f7404592a2df4a82c6051a487710888289ad7fa
• Opcode Fuzzy Hash: 700ac80c662ee5ac448424bf281121790c484dd1d0bc6e8606ead97dfa84bf4b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0A183B290B2C0FFCB15C76EBD811957FA5BB26360B1948ABD1D193E72D3704688CB61

Control-flow Graph (text form): 1042a2 CreateStreamOnHGlobal -> 1042bc FindResourceExW -> 1435ba LoadResource -> 1435cf SizeofResource -> 1435e3 LockResource -> 1435f4 -> 143600; the failure edge of each block exits through 1042d9 -> 1042da

APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,001050AA,?,?,00000000,00000000), ref: 001042B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,001050AA,?,?,00000000,00000000), ref: 001042C9
• LoadResource.KERNEL32(?,00000000,?,?,001050AA,?,?,00000000,00000000,?,?,?,?,?,?,00104F20), ref: 001435BE
• SizeofResource.KERNEL32(?,00000000,?,?,001050AA,?,?,00000000,00000000,?,?,?,?,?,?,00104F20), ref: 001435D3
• LockResource.KERNEL32(001050AA,?,?,001050AA,?,?,00000000,00000000,?,?,?,?,?,?,00104F20,?), ref: 001435E6
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: ffb2caefb822a901ddda54b2aced911c47d56f4d339595bb3de5c7c416ffbea2
• Instruction ID: 10e99e103ae4430333b3d38cf250bfe738667e29fd85ee85c47f354c52eebdf0
• Opcode Fuzzy Hash: ffb2caefb822a901ddda54b2aced911c47d56f4d339595bb3de5c7c416ffbea2
• Instruction Fuzzy Hash: 03118EB0300700BFDB219B65EC88F677BB9EBC5B51F10416AF582D66A0DBB1DC408A70

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00102B6B
  • Part of subcall function 00103A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,001D1418,?,00102E7F,?,?,?,00000000), ref: 00103A78
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,001C2224), ref: 00142C10
• ShellExecuteW.SHELL32(00000000,?,?,001C2224), ref: 00142C17
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: 7a84e4b5b4516bfbaf7d595445e0c3f67ba7f3aae8da1a2a85b26e09e5ef29da
• Instruction ID: 195ae89294bc782a40bc125da0ac84551240d225f61f84f001249599211bfab8
• Opcode Fuzzy Hash: 7a84e4b5b4516bfbaf7d595445e0c3f67ba7f3aae8da1a2a85b26e09e5ef29da
• Instruction Fuzzy Hash: 0811E4312083457AC714FF60D856E7E77A8ABB1300F44442EF0D2560E3CFB19689C752

APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0016D501
• Process32FirstW.KERNEL32(00000000,?), ref: 0016D50F
• Process32NextW.KERNEL32(00000000,?), ref: 0016D52F
• CloseHandle.KERNELBASE(00000000), ref: 0016D5DC
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: 4672d3aafcab2f5be8a663611f4272f2b7bc2483889c0b4e12c8811c0ec6004a
• Instruction ID: dd8ca95f5317aa4238fe06a23f14027e6fed19d86ac59b4f8ed78ce2738d77aa
• Opcode Fuzzy Hash: 4672d3aafcab2f5be8a663611f4272f2b7bc2483889c0b4e12c8811c0ec6004a
• Instruction Fuzzy Hash: 1D31C4715083009FD304EF54DC91AAFBBF8EFA9344F10052DF5C2861A2EB719945CB92

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 993 16dbbe-16dbda lstrlenW 994 16dc06 993->994 995 16dbdc-16dbe6 GetFileAttributesW 993->995 997 16dc09-16dc0d 994->997 996 16dbe8-16dbf7 FindFirstFileW 995->996 995->997 996->994 998 16dbf9-16dc04 FindClose 996->998 998->997
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00145222), ref: 0016DBCE
                                                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?), ref: 0016DBDD
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0016DBEE
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0016DBFA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 530ae762d145d4ec4536f345410071054ba5564230b0560aa6afc3aa4c135f49
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 152911e90ff3a75b867b8389db200b052a938ff2bbe25483cad5e5e16ab456e3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 530ae762d145d4ec4536f345410071054ba5564230b0560aa6afc3aa4c135f49
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CAF0A03081091857C220AB78AC0D8AA376D9F02334B50470BF8B6C24E0EBB159E4C6D9
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(001328E9,?,00124CBE,001328E9,001C88B8,0000000C,00124E15,001328E9,00000002,00000000,?,001328E9), ref: 00124D09
                                                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00124CBE,001328E9,001C88B8,0000000C,00124E15,001328E9,00000002,00000000,?,001328E9), ref: 00124D10
                                                                                                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00124D22
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 18de76cec3233fe3a92a628c639b171ab879ecb5e52f49d48668b3daf794671e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 28e6a534d569c3258176014ae4a279e1e9f85ae95a846f925001a6bdd4596f6c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 18de76cec3233fe3a92a628c639b171ab879ecb5e52f49d48668b3daf794671e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60E0B631000158AFCF11AF94EE0AA583B69FB61B81F104015FC598B522CB35EE92CA94

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 0 18aff9-18b056 call 122340 3 18b058-18b06b call 10b567 0->3 4 18b094-18b098 0->4 12 18b0c8 3->12 13 18b06d-18b092 call 10b567 * 2 3->13 6 18b09a-18b0bb call 10b567 * 2 4->6 7 18b0dd-18b0e0 4->7 29 18b0bf-18b0c4 6->29 9 18b0e2-18b0e5 7->9 10 18b0f5-18b119 call 107510 call 107620 7->10 14 18b0e8-18b0ed call 10b567 9->14 31 18b1d8-18b1e0 10->31 32 18b11f-18b178 call 107510 call 107620 call 107510 call 107620 call 107510 call 107620 10->32 17 18b0cb-18b0cf 12->17 13->29 14->10 23 18b0d9-18b0db 17->23 24 18b0d1-18b0d7 17->24 23->7 23->10 24->14 29->7 33 18b0c6 29->33 36 18b20a-18b238 GetCurrentDirectoryW call 11fe0b GetCurrentDirectoryW 31->36 37 18b1e2-18b1fd call 107510 call 107620 31->37 82 18b17a-18b195 call 107510 call 107620 32->82 83 18b1a6-18b1d6 GetSystemDirectoryW call 11fe0b GetSystemDirectoryW 32->83 33->17 45 18b23c 36->45 37->36 53 18b1ff-18b208 call 124963 37->53 48 18b240-18b244 45->48 51 18b275-18b285 call 1700d9 48->51 52 18b246-18b270 call 109c6e * 3 48->52 62 18b28b-18b2e1 call 1707c0 call 1706e6 call 1705a7 51->62 63 18b287-18b289 51->63 52->51 53->36 53->51 66 18b2ee-18b2f2 62->66 98 18b2e3 62->98 63->66 71 18b2f8-18b321 call 1611c8 66->71 72 18b39a-18b3be CreateProcessW 66->72 87 18b32a call 1614ce 71->87 88 18b323-18b328 call 161201 71->88 76 18b3c1-18b3d4 call 11fe14 * 2 72->76 103 18b42f-18b43d CloseHandle 76->103 104 18b3d6-18b3e8 76->104 82->83 105 18b197-18b1a0 call 124963 82->105 83->45 97 18b32f-18b33c call 124963 87->97 88->97 113 18b33e-18b345 97->113 114 18b347-18b357 call 124963 97->114 98->66 107 18b49c 103->107 108 18b43f-18b444 103->108 109 18b3ea 104->109 110 
18b3ed-18b3fc 104->110 105->48 105->83 111 18b4a0-18b4a4 107->111 115 18b451-18b456 108->115 116 18b446-18b44c CloseHandle 108->116 109->110 117 18b3fe 110->117 118 18b401-18b42a GetLastError call 10630c call 10cfa0 110->118 120 18b4b2-18b4bc 111->120 121 18b4a6-18b4b0 111->121 113->113 113->114 136 18b359-18b360 114->136 137 18b362-18b372 call 124963 114->137 124 18b458-18b45e CloseHandle 115->124 125 18b463-18b468 115->125 116->115 117->118 127 18b4e5-18b4f6 call 170175 118->127 128 18b4be 120->128 129 18b4c4-18b4e3 call 10cfa0 CloseHandle 120->129 121->127 124->125 131 18b46a-18b470 CloseHandle 125->131 132 18b475-18b49a call 1709d9 call 18b536 125->132 128->129 129->127 131->132 132->111 136->136 136->137 146 18b37d-18b398 call 11fe14 * 3 137->146 147 18b374-18b37b 137->147 146->76 147->146 147->147
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0018B198
                                                                                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0018B1B0
                                                                                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0018B1D4
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0018B200
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0018B214
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0018B236
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0018B332
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001705A7: GetStdHandle.KERNEL32(000000F6), ref: 001705C6
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0018B34B
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0018B366
• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0018B3B6
• GetLastError.KERNEL32(00000000), ref: 0018B407
• CloseHandle.KERNEL32(?), ref: 0018B439
• CloseHandle.KERNEL32(00000000), ref: 0018B44A
• CloseHandle.KERNEL32(00000000), ref: 0018B45C
• CloseHandle.KERNEL32(00000000), ref: 0018B46E
• CloseHandle.KERNEL32(?), ref: 0018B4E3
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: 6bc67034d6a8b52c46e24e67093173bc963124b0bb184be12741bd02a256453a
• Instruction ID: 64e89977f47c6719fee889a5c2994f6b9b517ef885fb43b14b28a0ce37de8c18
• Opcode Fuzzy Hash: 6bc67034d6a8b52c46e24e67093173bc963124b0bb184be12741bd02a256453a
• Instruction Fuzzy Hash: 43F18C315083009FCB14EF24C891B6EBBE1AF89314F18855DF89A9B2A2CB71ED45CF52
APIs
• GetInputState.USER32 ref: 0010D807
• timeGetTime.WINMM ref: 0010DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0010DB28
• TranslateMessage.USER32(?), ref: 0010DB7B
• DispatchMessageW.USER32(?), ref: 0010DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0010DB9F
• Sleep.KERNELBASE(0000000A), ref: 0010DBB1
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: 6c4c5d66f6a8967a5d94aca95d75bccbfeb615e372289580a4451c8e10d8954b
• Instruction ID: da0391c14012a865788eef7d7189e30d0e4693d86be21171f82545f61636d7bd
• Opcode Fuzzy Hash: 6c4c5d66f6a8967a5d94aca95d75bccbfeb615e372289580a4451c8e10d8954b
• Instruction Fuzzy Hash: D742E331608341EFD729CF64D844BAAB7E0BF56314F55851EF8A58B2D1D7B0E888CB92

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00102D07
• RegisterClassExW.USER32(00000030), ref: 00102D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00102D42
• InitCommonControlsEx.COMCTL32(?), ref: 00102D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00102D6F
• LoadIconW.USER32(000000A9), ref: 00102D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00102D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: dc5e5e6d5d5eddf5d379ac66b69e7c9c339387971b604d16e2968336bedd1996
• Instruction ID: 0b906844ee0ad75d66e5ce643b36819d925b90f7c66e3042b94b3a33e2201c5e
• Opcode Fuzzy Hash: dc5e5e6d5d5eddf5d379ac66b69e7c9c339387971b604d16e2968336bedd1996
• Instruction Fuzzy Hash: 8A21C0B5902218BFEB04DFA4E999BDDBBB8FB08704F00811BF551A66A0D7B15584CFA1

Control-flow Graph
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0014039A: CreateFileW.KERNELBASE(00000000,00000000,?,00140704,?,?,00000000,?,00140704,00000000,0000000C), ref: 001403B7
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0014076F
                                                                                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00140776
                                                                                                                                                                                                                                                                                                                                                            • GetFileType.KERNELBASE(00000000), ref: 00140782
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0014078C
                                                                                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00140795
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 001407B5
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 001408FF
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00140931
                                                                                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00140938
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                                                                            • String ID: H
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8ff2c509f47ed1c4e7266f1ae495970b7b97a75c0d3ea200a3bf99a897e3c3b5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5872e84bebb24fb43f813c8127a81a85af9fdd4c1d7df5fa71381c29360741a6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ff2c509f47ed1c4e7266f1ae495970b7b97a75c0d3ea200a3bf99a897e3c3b5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43A11532A041148FDF1AAF68D851BAE7BB0EB0A320F24015EF9559B3A1D7359D53CB91

Control-flow Graph

APIs
  • Part of subcall function 00103A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,001D1418,?,00102E7F,?,?,?,00000000), ref: 00103A78
  • Part of subcall function 00103357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00103379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0010356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0014318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 001431CE
• RegCloseKey.ADVAPI32(?), ref: 00143210
• _wcslen.LIBCMT ref: 00143277
• _wcslen.LIBCMT ref: 00143286
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: be8f0b00e21a63bfa615283324969094818f9796d560d611696b5d0cb33d1687
• Instruction ID: 53c74606badf6727635c2bf6b496fe404d3d45e3a62be0e52d38cb1f12c801ea
• Opcode Fuzzy Hash: be8f0b00e21a63bfa615283324969094818f9796d560d611696b5d0cb33d1687
• Instruction Fuzzy Hash: B571B371506301AFC704EF69EC8195BBBE8FFA8340F40052EF5A5971B0DBB09A88CB61

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00102B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00102B9D
• LoadIconW.USER32(00000063), ref: 00102BB3
• LoadIconW.USER32(000000A4), ref: 00102BC5
• LoadIconW.USER32(000000A2), ref: 00102BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00102BEF
• RegisterClassExW.USER32(?), ref: 00102C40
  • Part of subcall function 00102CD4: GetSysColorBrush.USER32(0000000F), ref: 00102D07
  • Part of subcall function 00102CD4: RegisterClassExW.USER32(00000030), ref: 00102D31
  • Part of subcall function 00102CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00102D42
  • Part of subcall function 00102CD4: InitCommonControlsEx.COMCTL32(?), ref: 00102D5F
  • Part of subcall function 00102CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00102D6F
  • Part of subcall function 00102CD4: LoadIconW.USER32(000000A9), ref: 00102D85
  • Part of subcall function 00102CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00102D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0ca0b1d408aea629ebc4102b250de8b1a1aa0a2204a0b275c0221e045dbc64f4
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3db3dc580c9961a0071fe03fe5a8c89778e4da786413570f0ad4e69d0d50f6cf
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ca0b1d408aea629ebc4102b250de8b1a1aa0a2204a0b275c0221e045dbc64f4
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F212970E02318BBEB109FE5ED59AAD7FB4FB48B60F44011BE544A6AA0D7B11580CF90

Control-flow Graph

control_flow_graph 598 103170-103185 599 1031e5-1031e7 598->599 600 103187-10318a 598->600 599->600 601 1031e9 599->601 602 1031eb 600->602 603 10318c-103193 600->603 604 1031d0-1031d8 DefWindowProcW 601->604 605 1031f1-1031f6 602->605 606 142dfb-142e23 call 1018e2 call 11e499 602->606 607 103265-10326d PostQuitMessage 603->607 608 103199-10319e 603->608 609 1031de-1031e4 604->609 611 1031f8-1031fb 605->611 612 10321d-103244 SetTimer RegisterWindowMessageW 605->612 641 142e28-142e2f 606->641 610 103219-10321b 607->610 614 1031a4-1031a8 608->614 615 142e7c-142e90 call 16bf30 608->615 610->609 620 103201-10320f KillTimer call 1030f2 611->620 621 142d9c-142d9f 611->621 612->610 616 103246-103251 CreatePopupMenu 612->616 617 142e68-142e72 call 16c161 614->617 618 1031ae-1031b3 614->618 615->610 634 142e96 615->634 616->610 639 142e77 617->639 624 142e4d-142e54 618->624 625 1031b9-1031be 618->625 638 103214 call 103c50 620->638 627 142dd7-142df6 MoveWindow 621->627 628 142da1-142da5 621->628 624->604 637 142e5a-142e63 call 160ad7 624->637 632 103253-103263 call 10326f 625->632 633 1031c4-1031ca 625->633 627->610 635 142dc6-142dd2 SetFocus 628->635 636 142da7-142daa 628->636 632->610 633->604 633->641 634->604 635->610 636->633 642 142db0-142dc1 call 1018e2 636->642 637->604 638->610 639->610 641->604 646 142e35-142e48 call 1030f2 call 103837 641->646 642->610 646->604
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0010316A,?,?), ref: 001031D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0010316A,?,?), ref: 00103204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00103227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0010316A,?,?), ref: 00103232
• CreatePopupMenu.USER32 ref: 00103246
• PostQuitMessage.USER32(00000000), ref: 00103267
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 80453d8afd12a787dd90e09620f29e17d6db95b2454c7303ce73b65b5c3fee14
• Instruction ID: f20a0e854eb89e6580fa0317957f2c6eb2f190559dbe1385e6b621834fc55f05
• Opcode Fuzzy Hash: 80453d8afd12a787dd90e09620f29e17d6db95b2454c7303ce73b65b5c3fee14
• Instruction Fuzzy Hash: FB415B39241200BBDB1C2BB89D2DB79371EFB19354F040127F9E296AE1C7F08AC097A1

Control-flow Graph

control_flow_graph 654 101410-101449 655 1424b8-1424b9 DestroyWindow 654->655 656 10144f-101465 mciSendStringW 654->656 659 1424c4-1424d1 655->659 657 1016c6-1016d3 656->657 658 10146b-101473 656->658 661 1016d5-1016f0 UnregisterHotKey 657->661 662 1016f8-1016ff 657->662 658->659 660 101479-101488 call 10182e 658->660 663 142500-142507 659->663 664 1424d3-1424d6 659->664 675 14250e-14251a 660->675 676 10148e-101496 660->676 661->662 666 1016f2-1016f3 call 1010d0 661->666 662->658 667 101705 662->667 663->659 672 142509 663->672 668 1424e2-1424e5 FindClose 664->668 669 1424d8-1424e0 call 106246 664->669 666->662 667->657 674 1424eb-1424f8 668->674 669->674 672->675 674->663 680 1424fa-1424fb call 1732b1 674->680 677 142524-14252b 675->677 678 14251c-14251e FreeLibrary 675->678 681 142532-14253f 676->681 682 10149c-1014c1 call 10cfa0 676->682 677->675 683 14252d 677->683 678->677 680->663 684 142566-14256d 681->684 685 142541-14255e VirtualFree 681->685 692 1014c3 682->692 693 1014f8-101503 CoUninitialize 682->693 683->681 684->681 689 14256f 684->689 685->684 688 142560-142561 call 173317 685->688 688->684 694 142574-142578 689->694 696 1014c6-1014f6 call 101a05 call 1019ae 692->696 693->694 695 101509-10150e 693->695 694->695 700 14257e-142584 694->700 698 101514-10151e 695->698 699 142589-142596 call 1732eb 695->699 696->693 703 101524-10152f call 10988f 698->703 704 101707-101714 call 11f80e 698->704 712 142598 699->712 700->695 715 101535 call 101944 703->715 704->703 714 10171a 704->714 716 14259d-1425bf call 11fdcd 712->716 714->704 717 10153a-10155c call 1017d5 call 11fe14 call 10177c 715->717 722 1425c1 716->722 727 101561-1015a5 call 10988f call 10cfa0 call 1017fe call 11fe14 717->727 726 1425c6-1425e8 call 11fdcd 722->726 732 1425ea 726->732 727->716 744 1015ab-1015cf call 11fe14 727->744 735 1425ef-142611 call 11fdcd 732->735 740 142613 735->740 743 142618-142625 call 1664d4 740->743 749 142627 743->749 744->726 750 1015d5-1015f9 call 11fe14 744->750 752 14262c-142639 call 11ac64 749->752 754 1015ff-101619 call 11fe14 750->754 759 14263b 752->759 754->743 760 10161f-101643 call 1017d5 call 11fe14 754->760 762 142640-14264d call 173245 759->762 760->752 769 101649-101651 760->769 767 14264f 762->767 770 142654-142661 call 1732cc 767->770 769->762 771 101657-101675 call 10988f call 10190a 769->771 776 142663 770->776 771->770 780 10167b-101689 771->780 779 142668-142675 call 1732cc 776->779 786 142677 779->786 780->779 782 10168f-1016c5 call 10988f * 3 call 101876 780->782 786->786
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00101459
• CoUninitialize.COMBASE ref: 001014F8
• UnregisterHotKey.USER32(?), ref: 001016DD
• DestroyWindow.USER32(?), ref: 001424B9
• FreeLibrary.KERNEL32(?), ref: 0014251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 0014254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: a7fe0f6104c6479428e177cfd8451a370ffe3d026803242af35e697c6cd3edee
• Instruction ID: f29df513e9a27123db0fadc7b9b45b347e63716a65be5eac79e87113619d59e5
• Opcode Fuzzy Hash: a7fe0f6104c6479428e177cfd8451a370ffe3d026803242af35e697c6cd3edee
• Instruction Fuzzy Hash: 06D19031701212DFCB19EF14C899A69F7A0BF15700F5541ADF88AAB2A2DB71ED52CF90

Control-flow Graph
control_flow_graph 803 102c63-102cd3 CreateWindowExW * 2 ShowWindow * 2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00102C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00102CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00101CAD,?), ref: 00102CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00101CAD,?), ref: 00102CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: 56283213908948b681001b67106a2976163c8ea4147ebc3d7afde412b0e105fc
• Instruction ID: cb44e5c2a8d3280ec785772f14302122733cb2ca3995df2f7dbe3cbe47fda035
• Opcode Fuzzy Hash: 56283213908948b681001b67106a2976163c8ea4147ebc3d7afde412b0e105fc
• Instruction Fuzzy Hash: 92F0DA756422907BEB311717AC08E773FBDE7C6F60B00005BF904A29A0C6651890DAB0

Control-flow Graph
control_flow_graph 954 103b1c-103b27 955 103b99-103b9b 954->955 956 103b29-103b2e 954->956 957 103b8c-103b8f 955->957 956->955 958 103b30-103b48 RegOpenKeyExW 956->958 958->955 959 103b4a-103b69 RegQueryValueExW 958->959 960 103b80-103b8b RegCloseKey 959->960 961 103b6b-103b76 959->961 960->957 962 103b90-103b97 961->962 963 103b78-103b7a 961->963 964 103b7e 962->964 963->964 964->960
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00103B0F,SwapMouseButtons,00000004,?), ref: 00103B40
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00103B0F,SwapMouseButtons,00000004,?), ref: 00103B61
• RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00103B0F,SwapMouseButtons,00000004,?), ref: 00103B83
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 0e34b66e0718cfe304d0991b3e80964d91ea9ebd8b8b16d0337fa9bc24926aec
• Instruction ID: ec284495994553744e153c0b001f03f3164ecd0162e4ad00196a59590a02a1dc
• Opcode Fuzzy Hash: 0e34b66e0718cfe304d0991b3e80964d91ea9ebd8b8b16d0337fa9bc24926aec
• Instruction Fuzzy Hash: 9F1157B5610208FFDB208FA4DC84AAEBBBCEF40748B10846AB851D7150E3719E409BA0
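The two function entries above (the window-creation routine and the registry read of Control Panel\Mouse) are listed by the report as raw "Api.Module(args), ref: address" lines, which is awkward to triage by hand once a report has hundreds of functions. The following is an added example, not code from the report or from Joe Sandbox, that parses that line format into structured calls, decodes the predefined registry root handles from winreg.h (0x80000001 is HKEY_CURRENT_USER; the samDesired value 00000001 is KEY_QUERY_VALUE), and builds a per-function summary of API counts and string arguments. It assumes the line layout seen on this page (an 8-hex-digit argument is a number, anything else that is not "?" is a string, and arguments never contain commas); lines without an argument list, such as the __CxxThrowException@8 entries, are rejected. Note that SwapMouseButtons is not a parameter of RegOpenKeyExW: the report shows it in the trailing stack context of the call, so the parser reports such strings separately rather than as the value queried.

```python
import re
from collections import Counter

# Constructed sample: API trace lines copied from the two function entries above,
# keyed by the function's address range as given in its control_flow_graph line.
SAMPLE_TRACE = {
    "102c63-102cd3": [
        "CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00102C91",
        "CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00102CB2",
        "ShowWindow.USER32(00000000,?,?,?,?,?,?,00101CAD,?), ref: 00102CC6",
        "ShowWindow.USER32(00000000,?,?,?,?,?,?,00101CAD,?), ref: 00102CCF",
    ],
    "103b1c-103b9b": [
        "RegOpenKeyExW.KERNELBASE(80000001,Control Panel\\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00103B0F,SwapMouseButtons,00000004,?), ref: 00103B40",
        "RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00103B0F,SwapMouseButtons,00000004,?), ref: 00103B61",
        "RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00103B0F,SwapMouseButtons,00000004,?), ref: 00103B83",
    ],
}

# Assumed line shape, derived from the lines on this page: Api.Module(args), ref: addr
TRACE_LINE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]{8})$"
)
HEX_WORD = re.compile(r"^[0-9A-Fa-f]{8}$")

# Predefined root key handles from winreg.h and the access right seen in the trace.
REG_ROOTS = {
    0x80000000: "HKEY_CLASSES_ROOT",
    0x80000001: "HKEY_CURRENT_USER",
    0x80000002: "HKEY_LOCAL_MACHINE",
    0x80000003: "HKEY_USERS",
}
KEY_QUERY_VALUE = 0x0001


def parse_trace_line(line):
    """Split one report line into api, module, raw argument list and call-site address."""
    m = TRACE_LINE.match(line.strip())
    if not m:
        raise ValueError("not an API trace line with an argument list: %r" % line)
    # The report prints arguments comma-separated; a string argument containing a
    # comma would be split here (none of the lines on this page do).
    return {
        "api": m.group("api"),
        "module": m.group("module"),
        "args": m.group("args").split(","),
        "ref": int(m.group("ref"), 16),
    }


def as_int(arg):
    """Decode an 8-hex-digit argument; None for '?' (unknown) and for string arguments."""
    return int(arg, 16) if HEX_WORD.match(arg) else None


def context_strings(args):
    """Arguments that are neither numeric nor unknown: real string parameters or
    strings the sandbox recovered from the caller's stack context."""
    return [a for a in args if a != "?" and as_int(a) is None]


def registry_opens(calls):
    """Decode RegOpenKeyExW(hKey, lpSubKey, ulOptions, samDesired, ...) calls."""
    out = []
    for c in calls:
        if c["api"] != "RegOpenKeyExW":
            continue
        root = as_int(c["args"][0])
        sam = as_int(c["args"][3])
        out.append({
            "root": REG_ROOTS.get(root, ("0x%08X" % root) if root is not None else "?"),
            "subkey": c["args"][1],
            "query_only": sam == KEY_QUERY_VALUE,
            # Anything after the documented parameters is stack context, e.g. the
            # value name the caller goes on to query (SwapMouseButtons above).
            "context": context_strings(c["args"][4:]),
            "ref": c["ref"],
        })
    return out


def summarize_function(lines):
    """Per-function view: API call counts, modules, strings and decoded registry opens."""
    calls = [parse_trace_line(l) for l in lines]
    return {
        "apis": Counter(c["api"] for c in calls),
        "modules": sorted({c["module"] for c in calls}),
        "strings": sorted({s for c in calls for s in context_strings(c["args"])}),
        "registry": registry_opens(calls),
    }


def summarize_trace(trace):
    return {fn: summarize_function(lines) for fn, lines in trace.items()}


if __name__ == "__main__":
    for fn, s in summarize_trace(SAMPLE_TRACE).items():
        print(fn, dict(s["apis"]), s["strings"])
        for r in s["registry"]:
            print("  opens %s\\%s query_only=%s context=%s at %08X"
                  % (r["root"], r["subkey"], r["query_only"], r["context"], r["ref"]))
```

For the window function the collected strings come out as "AutoIt v3" and "edit", which is exactly what the report folds into its String ID for that entry; for the registry function the decoded open is HKEY_CURRENT_USER\Control Panel\Mouse with query-only access and SwapMouseButtons as the stack-context string, i.e. a read of the user's mouse-button setting rather than a persistence write.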
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 001433A2
  • Part of subcall function 00106B57: _wcslen.LIBCMT ref: 00106B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00103A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: 5e72dce5f2db7e2fd332c66f73a48cf7f4b51298ceef7e428277ba54daed0d41
• Instruction ID: 1d5683d5cf7c1b0a718f0d3f3a80a2f3a2532d2afe8d5456d4a8ae39793b1da5
• Opcode Fuzzy Hash: 5e72dce5f2db7e2fd332c66f73a48cf7f4b51298ceef7e428277ba54daed0d41
• Instruction Fuzzy Hash: 7E31CD71509304BAC324EB20D845BEAB3DCBB54324F00492BF5E9821D1DBB09A89C7C2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00120668
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001232A4: RaiseException.KERNEL32(?,?,?,0012068A,?,001D1444,?,?,?,?,?,?,0012068A,00101129,001C8738,00101129), ref: 00123304
                                                                                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00120685
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                            • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dc89ff97e753657030536bb7394f980aea98747ad81e8e98e0df7fb2c90bd5e2
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 52f42cddaa50346f49e4db09ae1f7cbac48368124a5117bbefddfc133f7f9406
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dc89ff97e753657030536bb7394f980aea98747ad81e8e98e0df7fb2c90bd5e2
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9DF0C23490022DB7CF05BAA4F846DAE7B6C5E24310B604639B824D65D3EF71DA76C6C0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00101BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00101BF4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00101BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00101BFC
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00101BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00101C07
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00101BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00101C12
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00101BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00101C1A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00101BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00101C22
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00101B4A: RegisterWindowMessageW.USER32(00000004,?,001012C4), ref: 00101BA2
                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0010136A
                                                                                                                                                                                                                                                                                                                                                            • OleInitialize.OLE32 ref: 00101388
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 001424AB
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 89ab6661d0031563bf0ce1255df9fc63a2ac68f201fd493dac98d35fc40633df
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 467702204e5e08a21187c4844227d2e5a12830015e96d0c8932159099700a2b7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89ab6661d0031563bf0ce1255df9fc63a2ac68f201fd493dac98d35fc40633df
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C719BB5A03300BFC784DFB9BA456953BE1FB9A344354822BD44AD7BA2EB784481CF51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00103923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00103A04
                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0016C259
                                                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?), ref: 0016C261
                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0016C270
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4f711e9b641a8c4ba19e44f6c8e7136788859f3a724606fecd75c510f943212d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bce86635048f9ffe7d23f20301df030e86ae0155534ef65ea2f976bea2c78269
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f711e9b641a8c4ba19e44f6c8e7136788859f3a724606fecd75c510f943212d
• Instruction Fuzzy Hash: E1319370904344AFEB229F648C95BEBBBECAF16308F00049ED6DA97241C7745A84CB91
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,001385CC,?,001C8CC8,0000000C), ref: 00138704
• GetLastError.KERNEL32(?,001385CC,?,001C8CC8,0000000C), ref: 0013870E
• __dosmaperr.LIBCMT ref: 00138739
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: a61797c83c5261a309f507416a3cc9d92f39cf9060ec9580a88118770800f379
• Instruction ID: bb506624cff6c0a591ce2e63fd8146fa4c626cdab05141a2239d4787264f5d4c
• Opcode Fuzzy Hash: a61797c83c5261a309f507416a3cc9d92f39cf9060ec9580a88118770800f379
• Instruction Fuzzy Hash: F8014932A0572027DB356334A947B7E675A9B92B74F39011EF8199B1D2DFA0CCC18190
APIs
• TranslateMessage.USER32(?), ref: 0010DB7B
• DispatchMessageW.USER32(?), ref: 0010DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0010DB9F
• Sleep.KERNELBASE(0000000A), ref: 0010DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00151CC9
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: f0bc6655d20e092d322d50de355de3030f999515022d0531087f62d48ab6de56
• Instruction ID: c8e40147a87db47b25914fff4801f38300e7b1b26bdce8b464f15966477f8a4b
• Opcode Fuzzy Hash: f0bc6655d20e092d322d50de355de3030f999515022d0531087f62d48ab6de56
• Instruction Fuzzy Hash: CFF05430604380ABE734C7F09C45FEA73ACEB45311F504516E699874C0DB709488DB55
APIs
• __Init_thread_footer.LIBCMT ref: 001117F6
Strings
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: c7d912e0e7a4528b3fa83ef29c254efeecf4a4a929b942617d26394bc74a82b6
• Instruction ID: 1c765566a06639f3182055363cdcdffc85380075a23e6c3672163e99a9795dcc
• Opcode Fuzzy Hash: c7d912e0e7a4528b3fa83ef29c254efeecf4a4a929b942617d26394bc74a82b6
• Instruction Fuzzy Hash: 28228C70608201EFC718DF14C494AAAFBF2BF95314F54892DF9968B3A1D771E885CB82
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 00142C8C
  • Part of subcall function 00103AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00103A97,?,?,00102E7F,?,?,?,00000000), ref: 00103AC2
  • Part of subcall function 00102DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00102DC4
Strings
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
• Opcode ID: 5ebe2fad1fff22d5a245ac33944a344087d595b5d6b2e2035f35514834407309
• Instruction ID: bded4bf403a6f601f7e79f78c305684037522c981e69ef09dd361806b786e379
• Opcode Fuzzy Hash: 5ebe2fad1fff22d5a245ac33944a344087d595b5d6b2e2035f35514834407309
• Instruction Fuzzy Hash: 45219671A00258ABCB05DF94D849BDE7BFCAF59314F00405AE445F7281DBF499898B61
APIs
                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00103908
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9fab80a041308ca8b1286ea9cd38008f7d67d40fa5666d4c557b43295fd9054b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 24e89a286788db490f72e1ecb29d1d6ffceea026bb3d8469954dfee6fc64a5e0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9fab80a041308ca8b1286ea9cd38008f7d67d40fa5666d4c557b43295fd9054b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E319370605701AFD720DF24D884797BBE8FB49718F00096FF5E983690E7B1AA44CB52
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 0011F661
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0010D730: GetInputState.USER32 ref: 0010D807
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 0015F2DE
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4603feb95211a4c7fadd20656920f8d67a5826565d75e3526fcb6a6bfd8b4018
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f574bb87f76c4cd4a3f51d0cccfff006d3e62f1a2039cb60c540575f2a962c72
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4603feb95211a4c7fadd20656920f8d67a5826565d75e3526fcb6a6bfd8b4018
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0F08C312442059FD314EF69E849BAAB7E8FF59761F00006AE89DC73A0DBB0AC40CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00104E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00104EDD,?,001D1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00104E9C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00104E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00104EAE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00104E90: FreeLibrary.KERNEL32(00000000,?,?,00104EDD,?,001D1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00104EC0
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,001D1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00104EFD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00104E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00143CDE,?,001D1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00104E62
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00104E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00104E74
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00104E59: FreeLibrary.KERNEL32(00000000,?,?,00143CDE,?,001D1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00104E87
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5fc19f929db5b477d3b826b7561e5f67404e768c64eda3a4aae9cc83538e6760
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0620521c040e9a1876acaf0e515d022a0adfc4f57249f6868637e66bdfdb1f42
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5fc19f929db5b477d3b826b7561e5f67404e768c64eda3a4aae9cc83538e6760
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59112771600206ABDF14BB64DC82FAD77A59F60711F10842EF6C2A61D1EFF49A059B90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: 5b369bf648f36441aab4cd116f1692cf1f6cd5ee56b9271afb598cce7ef5c3db
• Instruction ID: d3d9587c9977175bb9836ec24946796a2481c447209622f38b7c77869c9b6536
• Opcode Fuzzy Hash: 5b369bf648f36441aab4cd116f1692cf1f6cd5ee56b9271afb598cce7ef5c3db
• Instruction Fuzzy Hash: 79112A7590420AAFCF16DF58E941A9E7BF5EF48314F154059FC08AB312DB31DA11CBA5
APIs
• Part of subcall function 00134C7D: RtlAllocateHeap.NTDLL(00000008,00101129,00000000,?,00132E29,00000001,00000364,?,?,?,0012F2DE,00133863,001D1444,?,0011FDF5,?), ref: 00134CBE
• _free.LIBCMT ref: 0013506C
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
• Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction ID: 8f6ef1e059f56e605e6de8391390098502112ac4dffe3b28d75b2b04857066fa
• Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction Fuzzy Hash: 3C0126722047046BE3258F659881A5AFBE9FB89370F25051DF19483280EB31A805C7B4
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
• Instruction ID: e2b852b42a9e585077a007c3781a9336ff3beebe6f1a575ea9eaeb292efdd53d
• Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
• Instruction Fuzzy Hash: 8EF0F432510A309BCB313A69BC05B5A33D89F72335F100729F424931D2DB74E8128AA5
APIs
• RtlAllocateHeap.NTDLL(00000008,00101129,00000000,?,00132E29,00000001,00000364,?,?,?,0012F2DE,00133863,001D1444,?,0011FDF5,?), ref: 00134CBE
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 7666cb19abed96a76f2ee65128b17a2bbf0fc2d76eb068ddc2b1133626178687
• Instruction ID: 03888dd209593fa4331914d4494c815629e62e485a2b12c646ab810c135e5da8
• Opcode Fuzzy Hash: 7666cb19abed96a76f2ee65128b17a2bbf0fc2d76eb068ddc2b1133626178687
• Instruction Fuzzy Hash: 8AF0E231603234B7EF215F62AC09B5A3788FF917B0F155126F819AA291CB70FC1296E4
APIs
• RtlAllocateHeap.NTDLL(00000000,?,001D1444,?,0011FDF5,?,?,0010A976,00000010,001D1440,001013FC,?,001013C6,?,00101129), ref: 00133852
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: ec261721ad5d3ff2e814c58e28d33d719944a9d8db3fc6c8c56d534afcec6c3b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: dd7eeddec01c4c64bca1f349ef8efa9cc8aefabeaa6e52aece6c947f835423a0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ec261721ad5d3ff2e814c58e28d33d719944a9d8db3fc6c8c56d534afcec6c3b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12E0E531101234E7E7212A66AC00B9A3748AF427B0F0602B5BC24A28E0CB10DD0281EC
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,001D1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00104F6D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c8758ff85b0d2da184b1c6ee8bfb6d5f62ceae7b81bba7edd99476ab0e1cf31e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 52cb21511133da7fa4f9bb1492a6f625241ed8813f0f2d5ff332c03de9d0647b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8758ff85b0d2da184b1c6ee8bfb6d5f62ceae7b81bba7edd99476ab0e1cf31e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4FF030B1105752CFDB389F68E4D0822B7E4EF14319310897EE3DA82551C7B19884DF50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 00192A66
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2353593579-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0888f6aba69e647c652124dfb12a38f744fd665f0696e03b079dab45dd339e69
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 87824bc5db4c11a8ea5fb5c4f13ce2d1d5b2dd0620254499f86bb7527d37e1cb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0888f6aba69e647c652124dfb12a38f744fd665f0696e03b079dab45dd339e69
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27E04F77354116BBCB14EA30DC808FA735CEB703957104536EC2AC3500DB30999586F0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0010314E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 41c076c4a19eea9187fdbcf13f5d2bb06b864fbcda2d86ec75e0e7dd49603b24
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fa605d58d2be0fde43e4a14c6a50e777571d7472a3993ab2c57594e62e610d78
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 41c076c4a19eea9187fdbcf13f5d2bb06b864fbcda2d86ec75e0e7dd49603b24
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2F01270A15314BFE7529B24DC457997BACB705708F0400E6A58896591D77457C8CB51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00102DC4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00106B57: _wcslen.LIBCMT ref: 00106B6A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
• Opcode ID: c46d8bed4afc025813201942b31c6e8a1aa798de75ced81ed1add3798077f70a
• Instruction ID: 12e28fdbd291b2e4865b6af8146e75388e5ce33ac29fe9ed019f55d3bc551007
• Opcode Fuzzy Hash: c46d8bed4afc025813201942b31c6e8a1aa798de75ced81ed1add3798077f70a
• Instruction Fuzzy Hash: 61E0CD726001245BC710D7589C05FDA77DDDFC8790F040071FD49D7258DA60ADC48590
APIs
  • Part of subcall function 00103837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00103908
  • Part of subcall function 0010D730: GetInputState.USER32 ref: 0010D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00102B6B
  • Part of subcall function 001030F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0010314E
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
• Opcode ID: 0a471c878dc1cdc7508c54f9f31230dcc229b74151f8d75a006fa52462e40cf4
• Instruction ID: 5a4355af016b362a8f7ab0d52e95de29ffed85d5425a71d7c10a377b1d7abd33
• Opcode Fuzzy Hash: 0a471c878dc1cdc7508c54f9f31230dcc229b74151f8d75a006fa52462e40cf4
• Instruction Fuzzy Hash: 8EE07D3130020427C604BBB0A81257DB34D9BF1311F40453FF1D2432E3CFE046854351
APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,00140704,?,?,00000000,?,00140704,00000000,0000000C), ref: 001403B7
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 8b82658d6736db888d311be0e0ffa3e5cf20d6694aae5b4172000db6c79a16b5
• Instruction ID: 354257d911e73cad98f52b7d4e685207a8a0b905cc3f83e7e6499cd5e7492fd1
• Opcode Fuzzy Hash: 8b82658d6736db888d311be0e0ffa3e5cf20d6694aae5b4172000db6c79a16b5
• Instruction Fuzzy Hash: 0DD06C3204010DFBDF029F84DD06EDA3BAAFB48714F014010BE5856020C732E861AB94
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00101CBC
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: 0f14b358624a774317554831d6c2d36b40c33c6b02b00c5f7dd99d7b3116f8c3
• Instruction ID: cc2e329786089ff63f8b91855386f3cc23ea6610e5aec11127e3593a7f1457c4
• Opcode Fuzzy Hash: 0f14b358624a774317554831d6c2d36b40c33c6b02b00c5f7dd99d7b3116f8c3
• Instruction Fuzzy Hash: D2C09236382305BFF2148B84BC4AF507764B358B10F448003F649A9DE3C3B228A0EA90
APIs
  • Part of subcall function 00119BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00119BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0019961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0019965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0019969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 001996C9
• SendMessageW.USER32 ref: 001996F2
• GetKeyState.USER32(00000011), ref: 0019978B
• GetKeyState.USER32(00000009), ref: 00199798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 001997AE
• GetKeyState.USER32(00000010), ref: 001997B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 001997E9
• SendMessageW.USER32 ref: 00199810
• SendMessageW.USER32(?,00001030,?,00197E95), ref: 00199918
                                                                                                                                                                                                                                                                                                                                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0019992E
                                                                                                                                                                                                                                                                                                                                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00199941
                                                                                                                                                                                                                                                                                                                                                            • SetCapture.USER32(?), ref: 0019994A
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 001999AF
                                                                                                                                                                                                                                                                                                                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 001999BC
                                                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 001999D6
                                                                                                                                                                                                                                                                                                                                                            • ReleaseCapture.USER32 ref: 001999E1
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00199A19
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00199A26
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00199A80
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00199AAE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00199AEB
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00199B1A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00199B3B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00199B4A
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00199B68
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00199B75
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00199B93
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00199BFA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00199C2B
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 00199C84
                                                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00199CB4
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00199CDE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00199D01
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 00199D4E
                                                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00199D82
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00119944: GetWindowLongW.USER32(?,000000EB), ref: 00119952
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00199E05
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 35c1fe94201edca8d8d95fe259cec38505f75be5a07bff870bba59cfec10adfb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: eb6c9511ba96424f4dabdb2e51e9f3a80caa03066abf16cd204aff6a0600fe51
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35c1fe94201edca8d8d95fe259cec38505f75be5a07bff870bba59cfec10adfb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1842BD75205241AFDB24CF68CC94EAABBE5FF49314F10061EF699876A1D731E890CF92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 001948F3
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00194908
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00194927
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0019494B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0019495C
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0019497B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 001949AE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 001949D4
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00194A0F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00194A56
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00194A7E
                                                                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 00194A97
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00194AF2
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00194B20
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00194B94
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00194BE3
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00194C82
                                                                                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00194CAE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00194CC9
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00194CF1
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00194D13
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00194D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00194D5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
• Opcode ID: ed5a3bba3e05d844dcc6bb610001388a706dad7d1010cf62be4bae9142aea981
• Instruction ID: 5765d33a05a16bf648b5872ecdd152b5f82005be3dc1220b2ce16a602a720230
• Opcode Fuzzy Hash: ed5a3bba3e05d844dcc6bb610001388a706dad7d1010cf62be4bae9142aea981
• Instruction Fuzzy Hash: 4C12CE71600215ABEF288F68CC49FEE7BF8AF45710F144129F516DB2E1DB749982CB90
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0011F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0015F474
• IsIconic.USER32(00000000), ref: 0015F47D
• ShowWindow.USER32(00000000,00000009), ref: 0015F48A
• SetForegroundWindow.USER32(00000000), ref: 0015F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0015F4AA
• GetCurrentThreadId.KERNEL32 ref: 0015F4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0015F4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0015F4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0015F4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0015F4DE
• SetForegroundWindow.USER32(00000000), ref: 0015F4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0015F4F6
• keybd_event.USER32(00000012,00000000), ref: 0015F501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0015F50B
• keybd_event.USER32(00000012,00000000), ref: 0015F510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0015F519
• keybd_event.USER32(00000012,00000000), ref: 0015F51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0015F528
• keybd_event.USER32(00000012,00000000), ref: 0015F52D
• SetForegroundWindow.USER32(00000000), ref: 0015F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 0015F557
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: 6c9c8b37bbeb80c12ea660d595d07ce4720efe676b2659419f9f53a945344e8c
• Instruction ID: 470dc1bcd35b81923efc558840ffbc91940c1aea2542806f64dddce01a6d24c5
• Opcode Fuzzy Hash: 6c9c8b37bbeb80c12ea660d595d07ce4720efe676b2659419f9f53a945344e8c
• Instruction Fuzzy Hash: 88316571B40318BBEB206BB55C4AFBF7E6CEB44B51F11042AFA04EA1D1D7B15D41AEA0
APIs
  • Part of subcall function 001616C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0016170D
  • Part of subcall function 001616C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0016173A
  • Part of subcall function 001616C3: GetLastError.KERNEL32 ref: 0016174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00161286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 001612A8
• CloseHandle.KERNEL32(?), ref: 001612B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 001612D1
• GetProcessWindowStation.USER32 ref: 001612EA
• SetProcessWindowStation.USER32(00000000), ref: 001612F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00161310
  • Part of subcall function 001610BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,001611FC), ref: 001610D4
  • Part of subcall function 001610BF: CloseHandle.KERNEL32(?,?,001611FC), ref: 001610E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
• API String ID: 22674027-1027155976
• Opcode ID: 663a825b12c572ff61b02b8212911344047eae18ccfcb76d09d11852074887d7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 02a09a36b2e433ccb12b24f42940d6e84f82832c281a4ff6f661fb8e94af8acc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 663a825b12c572ff61b02b8212911344047eae18ccfcb76d09d11852074887d7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66819D71901209BFDF219FA4DC49FEE7BB9EF04704F18412AF911A72A0DB7199A4CB61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001610F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00161114
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001610F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00160B9B,?,?,?), ref: 00161120
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001610F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00160B9B,?,?,?), ref: 0016112F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001610F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00160B9B,?,?,?), ref: 00161136
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001610F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0016114D
                                                                                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00160BCC
                                                                                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00160C00
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00160C17
                                                                                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00160C51
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00160C6D
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00160C84
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00160C8C
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00160C93
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00160CB4
                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 00160CBB
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00160CEA
                                                                                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00160D0C
                                                                                                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00160D1E
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00160D45
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00160D4C
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00160D55
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00160D5C
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00160D65
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00160D6C
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00160D78
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00160D7F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00161193: GetProcessHeap.KERNEL32(00000008,00160BB1,?,00000000,?,00160BB1,?), ref: 001611A1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00161193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00160BB1,?), ref: 001611A8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00161193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00160BB1,?), ref: 001611B7
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: df3292c40711fc34f2fd60b76a2de36c9515da88d56271ba4212cdcb58e55ef2
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a633918f7801051cc90df9d4188602d3df8908e1158921c8d03caa3e2a1cd682
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: df3292c40711fc34f2fd60b76a2de36c9515da88d56271ba4212cdcb58e55ef2
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D871697690020AAFDF11DFE4DC44BAFBBB8BF09310F044626F954A6291D771AA55CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • OpenClipboard.USER32(0019CC08), ref: 0017EB29
                                                                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 0017EB37
                                                                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000D), ref: 0017EB43
                                                                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0017EB4F
                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0017EB87
                                                                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0017EB91
                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0017EBBC
                                                                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 0017EBC9
                                                                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(00000001), ref: 0017EBD1
                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0017EBE2
                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0017EC22
                                                                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 0017EC38
                                                                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000F), ref: 0017EC44
                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0017EC55
                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0017EC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0017EC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0017ECD2
• GlobalUnlock.KERNEL32(00000000), ref: 0017ECF3
• CountClipboardFormats.USER32 ref: 0017ED14
• CloseClipboard.USER32 ref: 0017ED59
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: fe33d8f345cdbf0b13182a809da652b045027fdd3d8b89385e34066a871fd57b
• Instruction ID: 87ab32b76bf0bd5d2f9c29d29f48323a4b9a4d152e7c215c7d6d22b4998671b4
• Opcode Fuzzy Hash: fe33d8f345cdbf0b13182a809da652b045027fdd3d8b89385e34066a871fd57b
• Instruction Fuzzy Hash: 0F61F4342043019FD310EF64D894F2A7BF4AF98704F54855EF49A8B2A2DB70ED85CBA2
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 001769BE
• FindClose.KERNEL32(00000000), ref: 00176A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00176A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00176A75
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00176AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00176ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: 3d9dbe7d9a562bdf5860b14b740202fdd084b56ff4ed2571e72a2fa6779a89dc
• Instruction ID: ba3104b5e4c84c1e4f423ee1046a6bd15887e9445ceaf5714a091bc30b6b7ef3
• Opcode Fuzzy Hash: 3d9dbe7d9a562bdf5860b14b740202fdd084b56ff4ed2571e72a2fa6779a89dc
• Instruction Fuzzy Hash: 86D15F72508340AFC314EBA4C991EABB7ECAF98704F44491DF5C9D7191EB74EA44CBA2
APIs
• FindFirstFileW.KERNEL32(?,?,75568FB0,?,00000000), ref: 00179663
• GetFileAttributesW.KERNEL32(?), ref: 001796A1
• SetFileAttributesW.KERNEL32(?,?), ref: 001796BB
• FindNextFileW.KERNEL32(00000000,?), ref: 001796D3
• FindClose.KERNEL32(00000000), ref: 001796DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 001796FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 0017974A
• SetCurrentDirectoryW.KERNEL32(001C6B7C), ref: 00179768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00179772
• FindClose.KERNEL32(00000000), ref: 0017977F
• FindClose.KERNEL32(00000000), ref: 0017978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: 81e34561622e319812a4911f211d704db1f7745c9d2511d42d080a319b4d59e1
• Instruction ID: 6c3b0d7f3c2d6e459732bf4cd09ca2a357003849ed5fd31251a93739e3162621
• Opcode Fuzzy Hash: 81e34561622e319812a4911f211d704db1f7745c9d2511d42d080a319b4d59e1
• Instruction Fuzzy Hash: 5131B532541219ABDF14EFB4EC49EDE77BCAF09320F148156F859E2190DB34DE888EA4
APIs
• FindFirstFileW.KERNEL32(?,?,75568FB0,?,00000000), ref: 001797BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00179819
• FindClose.KERNEL32(00000000), ref: 00179824
• FindFirstFileW.KERNEL32(*.*,?), ref: 00179840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00179890
• SetCurrentDirectoryW.KERNEL32(001C6B7C), ref: 001798AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 001798B8
• FindClose.KERNEL32(00000000), ref: 001798C5
• FindClose.KERNEL32(00000000), ref: 001798D5
  • Part of subcall function 0016DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0016DB00
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 58331dc8dd1f5a90d95307458e1fe2e09eb678cf815aa695ac2507a97dac5cc1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fd16f279f2082f4ff745f0c4a973f9fdfeb9a08dd966f52275c7e3ee9ecf85ff
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 58331dc8dd1f5a90d95307458e1fe2e09eb678cf815aa695ac2507a97dac5cc1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7231B23164165DAADF14EFB4EC48EDE77BDAF06320F148196E858A21D1DB30DE88CB61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0018B6AE,?,?), ref: 0018C9B5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018C998: _wcslen.LIBCMT ref: 0018C9F1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018C998: _wcslen.LIBCMT ref: 0018CA68
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018C998: _wcslen.LIBCMT ref: 0018CA9E
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0018BF3E
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0018BFA9
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0018BFCD
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0018C02C
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0018C0E7
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0018C154
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0018C1E9
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0018C23A
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0018C2E3
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0018C382
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0018C38F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 78bd50692601842c97a95d83fae8d01e67642f5571c10989d7f843be455ccf01
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2cf18d29364806b6c500ece7e1d2ffc48a4aa64979223e6cf89ae2906374dcba
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78bd50692601842c97a95d83fae8d01e67642f5571c10989d7f843be455ccf01
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D1023C716042009FD714DF28C895E2ABBE5BF49314F19849DF88ADB2A2D731ED46CFA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetLocalTime.KERNEL32(?), ref: 00178257
                                                                                                                                                                                                                                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00178267
                                                                                                                                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00178273
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00178310
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00178324
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00178356
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0017838C
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00178395
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 84a503b383a0a107f085b0c36c8a44748b725051ab50233c4d2502dec3884f71
• Instruction ID: 81001bbc0d1d065eef1edf26359411588916a9facc207c896eda0a1543fbae96
• Opcode Fuzzy Hash: 84a503b383a0a107f085b0c36c8a44748b725051ab50233c4d2502dec3884f71
• Instruction Fuzzy Hash: 0B6158B25083059FCB10EF64D8849AEB3F8FF99314F04891EF99987251DB31E945CB92
APIs
  • Part of subcall function 00103AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00103A97,?,?,00102E7F,?,?,?,00000000), ref: 00103AC2
  • Part of subcall function 0016E199: GetFileAttributesW.KERNEL32(?,0016CF95), ref: 0016E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0016D122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0016D1DD
• MoveFileW.KERNEL32(?,?), ref: 0016D1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0016D20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0016D237
  • Part of subcall function 0016D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0016D21C,?,?), ref: 0016D2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 0016D253
• FindClose.KERNEL32(00000000), ref: 0016D264
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: e8b45737f05636f9eaa9f217fdae4a6fcf19236215ff4cc2514d08b949d6f977
• Instruction ID: 48ab0ed90a0648f0a25c95fba574e31a7bf95739249b7833d28489787ced9b86
• Opcode Fuzzy Hash: e8b45737f05636f9eaa9f217fdae4a6fcf19236215ff4cc2514d08b949d6f977
• Instruction Fuzzy Hash: C8616D31D0110D9BCF05EBE0EEA29EEB7B9AF65300F608169E44277192EB705F19CB60
APIs
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: db4341fa038ad25a4c421d9edbaed8e58e1eea9d9d7d4e35a4ca559edc7f656b
• Instruction ID: 01dd6cf26611038d330866aaf0604cc10be33674675336245c0c9e936cce453e
• Opcode Fuzzy Hash: db4341fa038ad25a4c421d9edbaed8e58e1eea9d9d7d4e35a4ca559edc7f656b
• Instruction Fuzzy Hash: A6419F35604611AFD720CF15E848B19BBF5EF48318F14C49AE4598BBA2CB75ED81CBD0
APIs
  • Part of subcall function 001616C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0016170D
  • Part of subcall function 001616C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0016173A
  • Part of subcall function 001616C3: GetLastError.KERNEL32 ref: 0016174A
• ExitWindowsEx.USER32(?,00000000), ref: 0016E932
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: 067428a4bd830fb358bb668dab3361ab2fdce67e0095bcf56a938fdd06768448
• Instruction ID: c87f67e6d93c3395fa080f7ad9eb573b539fb63f77e8812fdfecd49d254d994d
• Opcode Fuzzy Hash: 067428a4bd830fb358bb668dab3361ab2fdce67e0095bcf56a938fdd06768448
• Instruction Fuzzy Hash: 2E01D67A610221AFFB5866B49C86FBB73ACAF14758F194622F802E21D1D7A15CA085E0
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00181276
• WSAGetLastError.WSOCK32 ref: 00181283
• bind.WSOCK32(00000000,?,00000010), ref: 001812BA
• WSAGetLastError.WSOCK32 ref: 001812C5
• closesocket.WSOCK32(00000000), ref: 001812F4
• listen.WSOCK32(00000000,00000005), ref: 00181303
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 0018130D
                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 0018133C
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6c1d809124e6c2bbb786c7aa43781917c4cb310fdde981d08a5ecd10b4e127bc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 687abeb8a15ad6db9c0dd37b644ccdc6b1ae1a4a57d175053812319075b7a77e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c1d809124e6c2bbb786c7aa43781917c4cb310fdde981d08a5ecd10b4e127bc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C5418431600110AFD714EF64D484B69BBE6BF46318F288199E8569F2D6C771ED82CFE1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013B9D4
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013B9F8
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013BB7F
                                                                                                                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,001A3700), ref: 0013BB91
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,001D121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0013BC09
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,001D1270,000000FF,?,0000003F,00000000,?), ref: 0013BC36
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013BD4B
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2921b78eae754b80085f740112a1a6c18013faad9e7c7074c85069f3d683e7a3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5c018730d0cb5da43323e67abcda8d219a17ad839d552c64522769e714df5b10
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2921b78eae754b80085f740112a1a6c18013faad9e7c7074c85069f3d683e7a3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7FC13671A08214AFDB24DF789CC1BAABBB9EF51310F24419AE694D7291FB319E41C750
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00103AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00103A97,?,?,00102E7F,?,?,?,00000000), ref: 00103AC2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016E199: GetFileAttributesW.KERNEL32(?,0016CF95), ref: 0016E19A
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0016D420
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0016D470
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0016D481
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0016D498
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0016D4A1
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0ffd63cc3e25a2f8e8a3b9050843a7d4374af2e9667185eca92aec8ee76d7b4d
• Instruction ID: 09756b88d58d363a2b37683980f29eaf4b37ee9eef4f8292b4cf23eac2117f9e
• Opcode Fuzzy Hash: 0ffd63cc3e25a2f8e8a3b9050843a7d4374af2e9667185eca92aec8ee76d7b4d
• Instruction Fuzzy Hash: 24316B315083459BC304EF64D8929AFB7A8BEA5304F844A1EF4D192191EB70AA19CBA3
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: 085cb404040f873ad3ee90fa82cb98627480724cd818071f2411ee4f4c31ddd8
• Instruction ID: 6a29637d330ed592110b9b532f2684da3d42ff82082816c919d63efb9cafd891
• Opcode Fuzzy Hash: 085cb404040f873ad3ee90fa82cb98627480724cd818071f2411ee4f4c31ddd8
• Instruction Fuzzy Hash: FAC22971E086288FDF29CE28DD407EAB7B5EB49305F1541EAD44DE7281E774AE868F40
APIs
• _wcslen.LIBCMT ref: 001764DC
• CoInitialize.OLE32(00000000), ref: 00176639
• CoCreateInstance.OLE32(0019FCF8,00000000,00000001,0019FB68,?), ref: 00176650
• CoUninitialize.OLE32 ref: 001768D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: f23ae9c56340d975c4b2b4f6c3c7a114ab49f207686432acf56398d15f641af0
• Instruction ID: 5efc707a3c0656b0f533d428e13d2d6031190102751a4ed12e956e6bfe971b44
• Opcode Fuzzy Hash: f23ae9c56340d975c4b2b4f6c3c7a114ab49f207686432acf56398d15f641af0
• Instruction Fuzzy Hash: F2D14971508701AFD304EF24C891A6BB7E8FFA9704F00896DF5998B291EB70E945CB92
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 001822E8
  • Part of subcall function 0017E4EC: GetWindowRect.USER32(?,?), ref: 0017E504
• GetDesktopWindow.USER32 ref: 00182312
• GetWindowRect.USER32(00000000), ref: 00182319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00182355
• GetCursorPos.USER32(?), ref: 00182381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 001823DF
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: 5b642adf0308a7deef73eb6a7da6084584b81e6c24334d0f105d400047d2290e
• Instruction ID: f566a115e1b90381464a7d279e43f4a1f2a6689423c8899d34b3b6e14bb954c8
• Opcode Fuzzy Hash: 5b642adf0308a7deef73eb6a7da6084584b81e6c24334d0f105d400047d2290e
• Instruction Fuzzy Hash: 7631B072504315AFD721EF54C845B9BB7E9FF88714F000A1AF98597191DB34EA48CBD2
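The two entries above (the COM routine carrying the ".lnk" string at 00176639-001768D4 and the cursor routine at 001822E8-001823DF) list raw API calls with hex arguments, which is hard to read as behaviour without decoding the constants. What follows is an added example, not part of the Joe Sandbox report and not code from the analysed sample: a small Python parser for this report's API-listing lines that decodes the mouse_event flag word and the CoCreateInstance class-context argument. The SAMPLE text is copied from the two entries above; the MOUSEEVENTF and CLSCTX tables are the documented winuser.h/objbase.h values; the ApiCall class and the function names are my own. The CLSID and IID arguments (0019FCF8, 0019FB68) are pointers into the image, so the example does not try to name the COM class.

```python
# Added example: parse Joe Sandbox-style API listing lines and decode selected
# Win32/COM constants. Not part of the report or of the analysed sample.
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional, Tuple, Union

Arg = Union[int, str, None]  # hex value, literal such as "*.*", or None for "?"

# Copied from the two report entries above (the .lnk routine and the mouse_event routine).
SAMPLE = """\
• _wcslen.LIBCMT ref: 001764DC
• CoInitialize.OLE32(00000000), ref: 00176639
• CoCreateInstance.OLE32(0019FCF8,00000000,00000001,0019FB68,?), ref: 00176650
• CoUninitialize.OLE32 ref: 001768D4
• GetForegroundWindow.USER32(?,?,00000000), ref: 001822E8
  • Part of subcall function 0017E4EC: GetWindowRect.USER32(?,?), ref: 0017E504
• GetDesktopWindow.USER32 ref: 00182312
• GetWindowRect.USER32(00000000), ref: 00182319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00182355
• GetCursorPos.USER32(?), ref: 00182381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 001823DF
"""

# One listing line: optional "Part of subcall function X:" prefix, Api.MODULE,
# optional "(args)", optional comma, then "ref: <hex call-site address>".
_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Documented mouse_event dwFlags bits (winuser.h).
MOUSEEVENTF = {
    0x0001: "MOUSEEVENTF_MOVE", 0x0002: "MOUSEEVENTF_LEFTDOWN", 0x0004: "MOUSEEVENTF_LEFTUP",
    0x0008: "MOUSEEVENTF_RIGHTDOWN", 0x0010: "MOUSEEVENTF_RIGHTUP", 0x0020: "MOUSEEVENTF_MIDDLEDOWN",
    0x0040: "MOUSEEVENTF_MIDDLEUP", 0x0080: "MOUSEEVENTF_XDOWN", 0x0100: "MOUSEEVENTF_XUP",
    0x0800: "MOUSEEVENTF_WHEEL", 0x1000: "MOUSEEVENTF_HWHEEL", 0x8000: "MOUSEEVENTF_ABSOLUTE",
}

# Documented CLSCTX bits commonly passed to CoCreateInstance (objbase.h).
CLSCTX = {0x1: "CLSCTX_INPROC_SERVER", 0x2: "CLSCTX_INPROC_HANDLER",
          0x4: "CLSCTX_LOCAL_SERVER", 0x10: "CLSCTX_REMOTE_SERVER"}


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[Arg, ...]
    ref: int                   # call-site address from "ref:"
    subcall_of: Optional[int]  # callee address when reported as "Part of subcall function"


def _parse_arg(tok: str) -> Arg:
    tok = tok.strip()
    if tok == "?":
        return None           # the sandbox could not resolve this argument
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):
        return int(tok, 16)
    return tok                # literal such as *.*


def parse_api_lines(text: str) -> list:
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue          # section headers ("APIs", "Strings") and other non-call lines
        raw = m["args"]
        args = tuple(_parse_arg(t) for t in raw.split(",")) if raw else ()
        calls.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16),
                             int(m["sub"], 16) if m["sub"] else None))
    return calls


def _decode_bits(value: int, table: dict) -> list:
    names = [name for bit, name in sorted(table.items()) if value & bit]
    rest = value & ~sum(table)
    if rest:
        names.append(f"0x{rest:X}")  # keep undocumented bits visible instead of dropping them
    return names


def decode_mouse_event_flags(flags: int) -> list:
    return _decode_bits(flags, MOUSEEVENTF)


def decode_clsctx(ctx: int) -> list:
    return _decode_bits(ctx, CLSCTX)


def describe(call: ApiCall) -> str:
    args = ", ".join("?" if a is None else (f"0x{a:X}" if isinstance(a, int) else a)
                     for a in call.args)
    text = f"{call.api}.{call.module}({args}) @ {call.ref:08X}"
    if call.api == "mouse_event" and call.args and isinstance(call.args[0], int):
        text += "  flags=" + "|".join(decode_mouse_event_flags(call.args[0]))
    if call.api == "CoCreateInstance" and len(call.args) > 2 and isinstance(call.args[2], int):
        text += "  clsctx=" + "|".join(decode_clsctx(call.args[2]))
    if call.subcall_of is not None:
        text = f"(via subcall {call.subcall_of:08X}) " + text
    return text


if __name__ == "__main__":
    for c in parse_api_lines(SAMPLE):
        print(describe(c))
```

Run stand-alone it prints one decoded line per call. The useful readings are that 00008001 is MOUSEEVENTF_ABSOLUTE|MOUSEEVENTF_MOVE, i.e. both mouse_event calls reposition the cursor to absolute screen coordinates (the dx/dy arguments are the unresolved "?" values computed from the GetWindowRect results), and that CoCreateInstance is called with CLSCTX_INPROC_SERVER, so the object behind the ".lnk" string is loaded in-process. Unknown flag bits are kept as a hex remainder rather than silently dropped, which matters when triaging samples that pass non-standard values.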
APIs
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00179B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00179C8B
  • Part of subcall function 00173874: GetInputState.USER32 ref: 001738CB
  • Part of subcall function 00173874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00173966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00179BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00179C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7fe314f6e73d0d0652b843cff208df44ac9cf3b077951db60132b8447c9c7097
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7128f9153e5d426d87bd6e63854b3a796a3fa9139f325f0988c047729e06daaa
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7fe314f6e73d0d0652b843cff208df44ac9cf3b077951db60132b8447c9c7097
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B41827194420AAFCF15DF64C985EEEBBB8FF15310F148156E459A7191EB309E88CFA0
APIs
  • Part of subcall function 00119BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00119BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00119A4E
• GetSysColor.USER32(0000000F), ref: 00119B23
• SetBkColor.GDI32(?,00000000), ref: 00119B36
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: 2b693c21d5cf23d433c41276b1f06b2c64ceade2af1cfa16696b703fa2a0cbc4
• Instruction ID: 4f05ad385968d8200aa4e8dc459dfb5a4c01fa804ee8fb76ce8e1004349c1fde
• Opcode Fuzzy Hash: 2b693c21d5cf23d433c41276b1f06b2c64ceade2af1cfa16696b703fa2a0cbc4
• Instruction Fuzzy Hash: 59A1F770209444FEE62D9A2CBC69DFF369DEF46341B160129F832CB9D1CB259D89C2B5
APIs
  • Part of subcall function 0018304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0018307A
  • Part of subcall function 0018304E: _wcslen.LIBCMT ref: 0018309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0018185D
• WSAGetLastError.WSOCK32 ref: 00181884
• bind.WSOCK32(00000000,?,00000010), ref: 001818DB
• WSAGetLastError.WSOCK32 ref: 001818E6
• closesocket.WSOCK32(00000000), ref: 00181915
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: be8220700f2aee6246e5f4fb8c0b4554f1338ec7665fca970cc33f7c69f8fbd0
• Instruction ID: ec39b8eb4a5d87e1b55bf4e9d3e5c42042e88df025ce004c9023987fc74e13ad
• Opcode Fuzzy Hash: be8220700f2aee6246e5f4fb8c0b4554f1338ec7665fca970cc33f7c69f8fbd0
• Instruction Fuzzy Hash: 2551B571A00200AFDB10AF24C886F6A77E5AB59718F04809CF9455F3D3C7B1AD828BE1
APIs
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: 3a7df4fbba6cb8f626dd90646044f72b08605f856312136ca2d4447af6183492
• Instruction ID: 1508e066ae0cbbdde403327bb67be5c9500fbd259de208f3bd9b7bb25debd681
• Opcode Fuzzy Hash: 3a7df4fbba6cb8f626dd90646044f72b08605f856312136ca2d4447af6183492
• Instruction Fuzzy Hash: 8821A7317402126FDB248F1AD844B6A7BE5FF95325F598059E886CB351CB71EC82CBD1
Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 80c4729ff763807739494e1cc84da8a704b7646a62fc8f5968b37a62e3b73654
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: aec7f28db27a4c7f96cd8753633d1bb969c79140fdf7393b615a93d80689b876
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80c4729ff763807739494e1cc84da8a704b7646a62fc8f5968b37a62e3b73654
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2A2B270E0461ACBDF28CF58C8407BDB7B2BF54314F2581AAE895AB295DBB09D81CF51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0016AAAC
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080), ref: 0016AAC8
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0016AB36
                                                                                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0016AB88
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: eb2d5c91ef28f242c5eb4cfbb695725000059fb163cb21f81e4fe9c924d44c15
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9511e8fffeffccd474cbfa65e15f8d48f3655f1d774618c53cd3c841dad54c11
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb2d5c91ef28f242c5eb4cfbb695725000059fb163cb21f81e4fe9c924d44c15
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28311630A40208AFFB35CA658C05BFE7BAAAF45310F84421BF4C1A61D1D3759DA1CBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 0017CE89
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 0017CEEA
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 0017CEFE
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8176388dbeeffca383048fc258a5409fa0be7443661b58afccd3366cda30b6eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0d76519a1b4ee4322279ed0b4339fe80147f4801cff803b29e6b0bc13902c70a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8176388dbeeffca383048fc258a5409fa0be7443661b58afccd3366cda30b6eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B221ACB1500705AFEB30DFA5D948BA7BBFCEB50354F10841EE68AD2151EB70EE448BA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 001682AA
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
• Opcode ID: c81fdcb10eac8eea4f469c77ad7b1aad863b4abed29347defb0210f039f819bc
• Instruction ID: 16b8b9ff3feaf18dedf9aaefc749f0c08984798b58f2b034068dcd02b894679d
• Opcode Fuzzy Hash: c81fdcb10eac8eea4f469c77ad7b1aad863b4abed29347defb0210f039f819bc
• Instruction Fuzzy Hash: C9323475A007059FCB28CF59C481AAAB7F0FF48710B15C56EE49ADB3A1EB70E991CB44
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00175CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 00175D17
• FindClose.KERNEL32(?), ref: 00175D5F
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: 21182c4ab60517c5423329fa5a24aa04e958db7292cdc849362e3a44580a73d2
• Instruction ID: b179458eaf9141b92350e2008b7963f8f7f4899e78968be28ff7d1064183572f
• Opcode Fuzzy Hash: 21182c4ab60517c5423329fa5a24aa04e958db7292cdc849362e3a44580a73d2
• Instruction Fuzzy Hash: F8518874604A019FC718CF68C894A9AB7F5FF49314F14855EE99A8B3A2CB70ED44CB91
APIs
• IsDebuggerPresent.KERNEL32 ref: 0013271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00132724
• UnhandledExceptionFilter.KERNEL32(?), ref: 00132731
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 7f5c05ae4d18fca5df58d4c70166f26bcd8879ee6de10493eb5529ddfca58468
• Instruction ID: ae8c31fc8e6e0092371a5e20bc37d398236b22d53f4b3049a120f7cf3084f99d
• Opcode Fuzzy Hash: 7f5c05ae4d18fca5df58d4c70166f26bcd8879ee6de10493eb5529ddfca58468
• Instruction Fuzzy Hash: E731B774911228ABCB21DF64DC8979DB7B8BF18310F5042DAE41CA7261E7309F918F85
APIs
• SetErrorMode.KERNEL32(00000001), ref: 001751DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00175238
• SetErrorMode.KERNEL32(00000000), ref: 001752A1
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
• Opcode ID: 44a768e29505a542bb34c9dbaafcb2499e89098d5ccdc5b39f76b8ba08ecb8ec
• Instruction ID: 177e272870d827f58fe90583c3a638a38401dfdb984ca6a8407786883890257e
• Opcode Fuzzy Hash: 44a768e29505a542bb34c9dbaafcb2499e89098d5ccdc5b39f76b8ba08ecb8ec
• Instruction Fuzzy Hash: 97316F75A00518DFDB00DF54D884EADBBF5FF49314F088099E849AB3A2DB71E856CBA1
APIs
  • Part of subcall function 0011FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00120668
  • Part of subcall function 0011FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00120685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0016170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0016173A
• GetLastError.KERNEL32 ref: 0016174A
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1b95c68097600980af44587af532b2da1a22423a7455858a13c966c5ad12ecff
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3eb0769bf0f814f87a6bf6f7981905df39b64331503b356b4b4ecffc0dc3ccea
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b95c68097600980af44587af532b2da1a22423a7455858a13c966c5ad12ecff
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D1191B2404304BFD7189F54EC86DABB7B9EB44714B24852EF05657681EB70BC918B60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0016D608
                                                                                                                                                                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0016D645
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0016D650
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 33631002-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: be9b06fe2632fc14b444a0bcadc3766a8ff2d33da919ee5a1c3b637c8f68f1e1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e2ecfc9e10236235229f0058f0e5181d9757a6484f4e749c34f130dacce32dbf
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: be9b06fe2632fc14b444a0bcadc3766a8ff2d33da919ee5a1c3b637c8f68f1e1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2115E75E05228BFDB108F95EC45FAFBBBCEB45B50F108126F904E7290D6704A058BE1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0016168C
                                                                                                                                                                                                                                                                                                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 001616A1
                                                                                                                                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 001616B1
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3429775523-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 131e2999524496d3e71ed990739df34316ede5559b9f0504a147e80d40c57710
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 287ac5c6f7dc524abf62e285b0bf34f5642969dff04c0b1b51d18573118e9d0b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 131e2999524496d3e71ed990739df34316ede5559b9f0504a147e80d40c57710
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2CF04475940308FBDB00CFE0CC89AAEBBBCFB08200F544561E500E2180E370AA448A90
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: /
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4c4514cf3740e67d6ce2699bf99a0f2e983ad98b9d749f7605a64f99a47c5296
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b2689deea00cb65b01824313e1c8f7fd49f16b1864d9cf357698ae17e2b34bee
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c4514cf3740e67d6ce2699bf99a0f2e983ad98b9d749f7605a64f99a47c5296
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB412676900219AFCB249FB9DC49EAB77B8FB84314F104269F915E7180E770AD81CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0015D28C
                                                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00176918
• FindClose.KERNEL32(00000000), ref: 00176961
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00184891,?,?,00000035,?), ref: 001737E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00184891,?,?,00000035,?), ref: 001737F4
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0016B25D
• keybd_event.USER32(?,76C1C0D0,?,00000000), ref: 0016B270
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 151914ec75855562b5b2c234fd40b4d85303efc2333fc4806824e41b77f1d846
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3c7713b486a746181950cdb3e57bceff22cfe2c796637ce55a11b2c9c17e02f3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 151914ec75855562b5b2c234fd40b4d85303efc2333fc4806824e41b77f1d846
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3EF01D7190428EABDB059FA0C845BBE7BB4FF04305F00801AF955A5192D37996519F94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,001611FC), ref: 001610D4
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,001611FC), ref: 001610E9
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9ebf816f8366709f7a43158e13ea0dbeb1440433b5a6963e46baa58a45b4d009
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 301134cb949b5f5c8c582f39298fc0edceb6a9c1b4a07b847433fdfe750f45d2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ebf816f8366709f7a43158e13ea0dbeb1440433b5a6963e46baa58a45b4d009
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4AE0BF72018610AEEB252B51FC05EB777A9EB04310F14882EF5A5804B1DB626CE1DB50
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            • Variable is not of type 'Object'., xrefs: 00150C40
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1840281001
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a6ead9c195112b0cd74c592532c5198efa7f5b15410c2656947098a4ee7d7d12
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0490b9db492e5694e0433fd1b985bf0d11e79d434acceee21ae61ba26422bc97
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6ead9c195112b0cd74c592532c5198efa7f5b15410c2656947098a4ee7d7d12
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5832BF70900219DBDF18DF94C981AEDB7B5FF19304F204169E856AB2C1DBB1AE49CF91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00136766,?,?,00000008,?,?,0013FEFE,00000000), ref: 00136998
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3e9f9f136e6e4d8f354f4e8877bdc28e938d6c8d21eefddea66c6a59d144be03
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9366073d36219d94b9639bf9f9545c35946a30bf27a53aaec4a22727106f0520
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e9f9f136e6e4d8f354f4e8877bdc28e938d6c8d21eefddea66c6a59d144be03
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7B13C71510608EFDB19CF28C48AB657BE0FF49368F25C698E899CF2A2C735D991CB40
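The four function records above (SendInput/keybd_event, AdjustTokenPrivileges/CloseHandle, the "Variable is not of type 'Object'." string, RaiseException) share one layout, and a triage script that pulls the API call list out of that layout is the first thing an analyst wants when a report runs to thousands of such records. The Python below is an added example, not part of the Joe Sandbox report or of Joe Sandbox tooling: it parses records in this layout into API calls (name, module, argument list, ref address), strings with their xrefs, and the Memory Dump Source / Similarity bullets; it flags calls on a watchlist; and it re-derives each record's "API ID" from the called API names. That derivation (camel-case tokens of every API name, sorted in ASCII order and concatenated) is a rule inferred from the three records shown here, not a documented Joe Sandbox algorithm, so treat a mismatch on other reports as the rule being incomplete rather than as a finding. The sample text is constructed from the page's own values with the dump lines trimmed; the watchlist and its tags are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the function records above; API names,
# arguments and ref addresses are those on the page, dump bullets are trimmed.
SAMPLE = """\
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0016B25D
• keybd_event.USER32(?,76C1C0D0,?,00000000), ref: 0016B270
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,001611FC), ref: 001610D4
• CloseHandle.KERNEL32(?,?,001611FC), ref: 001610E9
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
Strings
• Variable is not of type 'Object'., xrefs: 00150C40
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.
• API String ID: 0-1840281001
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00136766,?,?,00000008,?,?,0013FEFE,00000000), ref: 00136998
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
"""

API_RE = re.compile(r"^• (?P<name>\w+)\.(?P<module>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-F]+)$")
STR_RE = re.compile(r"^• (?P<text>.*), xrefs: (?P<xref>[0-9A-F]+)$")
FIELD_RE = re.compile(r"^• (?P<key>[A-Za-z ]+?): ?(?P<value>.*)$")
HEADERS = ("APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")

# Hypothetical watchlist for this example; the tags are not Joe Sandbox labels.
WATCHLIST = {
    "AdjustTokenPrivileges": "token privilege manipulation",
    "SendInput": "synthetic keyboard/mouse input",
    "keybd_event": "synthetic keyboard input",
}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list   # raw hex words, '?' where the sandbox could not resolve a value
    ref: str     # address of the call site in the dumped image


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)   # (text, xref)
    fields: dict = field(default_factory=dict)    # Memory Dump Source / Similarity bullets

    @property
    def api_id(self) -> str:
        return self.fields.get("API ID", "")


def parse_records(text: str) -> list:
    """Split report text into FunctionRecords; a record is complete at its 'API String ID' bullet."""
    records, rec, section = [], FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HEADERS:
            # 'APIs' or 'Strings' after a completed Similarity block opens the next record.
            if line in ("APIs", "Strings") and "API String ID" in rec.fields:
                records.append(rec)
                rec = FunctionRecord()
            section = line
            continue
        if section == "APIs" and (m := API_RE.match(line)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            rec.apis.append(ApiCall(m["name"], m["module"], args, m["ref"]))
        elif section == "Strings" and (m := STR_RE.match(line)):
            rec.strings.append((m["text"], m["xref"]))
        elif (m := FIELD_RE.match(line)):
            rec.fields[m["key"]] = m["value"]
    if rec.apis or rec.strings or rec.fields:
        records.append(rec)
    return records


def derive_api_id(rec: FunctionRecord) -> str:
    """Inferred rule (assumption): camel-case tokens of all API names, ASCII-sorted, joined."""
    tokens = []
    for call in rec.apis:
        tokens += re.findall(r"[A-Z][a-z0-9]*|[a-z0-9_]+", call.name)
    return "".join(sorted(tokens))


def flag_records(records: list) -> list:
    """Return (record_index, api_name, tag) for every watch-listed call, in report order."""
    return [(i, c.name, WATCHLIST[c.name])
            for i, rec in enumerate(records) for c in rec.apis if c.name in WATCHLIST]


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for i, r in enumerate(recs):
        status = "ok" if derive_api_id(r) == r.api_id else "MISMATCH"
        print(i, r.api_id or "<strings only>", status, [c.name for c in r.apis])
    print(flag_records(recs))
```

Run against a full report export, the watchlist hits give the call sites (the `ref` field) to open in the disassembly first; CloseHandle and RaiseException are deliberately not on the list, since on their own they say nothing about intent.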
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4dd97957b0f65c506a22f38af7394fbccd31f6a06651002d38ba683550e66b9f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 335c596b0ca257e083a558a455ada2b6fadce90fa6a84d0b0be23934d5d44d97
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4dd97957b0f65c506a22f38af7394fbccd31f6a06651002d38ba683550e66b9f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4126F71904229DFDB18CF58C8806EEB7F5FF48710F1581AAE859EB255EB309A85CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • BlockInput.USER32(00000001), ref: 0017EABD
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d799280065d6d6b6d1978360f55fcf4e58d4699d138473baa1006ea2eaeddd5e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0eff16ea5765b2270fa6e2b2541b2e710fcc436e1967ed505f6283ac748139aa
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d799280065d6d6b6d1978360f55fcf4e58d4699d138473baa1006ea2eaeddd5e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0E01A312002049FC710EF59E844E9AB7E9AFAC760F008456FC89C7391DBB0A8408B91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,001203EE), ref: 001209DA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 84d36fb303a74fa0c6f318ee562e40639dcf59ba37471b7e37cd8bd0b3ac980a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f1c24904ebf8bac09b1c236717094e959c664828d5d86104ad3817fcb5cc9857
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84d36fb303a74fa0c6f318ee562e40639dcf59ba37471b7e37cd8bd0b3ac980a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e3b0ead2b33044d51f1931d69c4ef5912520dec40ded3185af04f11fd975167d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5951747160C7359BDF3C8538B85ABBF63899B22314F180509E982D72C2CB11EEB1D352
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f00e4f61e9f7d8e5ad635cbaaaf80e672879c74d595ba664fb2f28006828be0f
• Instruction ID: 164b574fe43a26833b18f15c7f4e9ffe1a5cfcdaa37402a334125180e750db10
• Opcode Fuzzy Hash: f00e4f61e9f7d8e5ad635cbaaaf80e672879c74d595ba664fb2f28006828be0f
• Instruction Fuzzy Hash: 44322262D29F014DD7279638CC22336A689AFB73C5F15D737E81AB5DAAEB29C4C34100

Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1eb86e00987ba2d31398262a97f3254e705deb460d679249f8bd2e973ada8e29
• Instruction ID: cd027de2f68fc452e601f89cbd5d4e910cc82cb0ad3f05d70058443aa25e74cd
• Opcode Fuzzy Hash: 1eb86e00987ba2d31398262a97f3254e705deb460d679249f8bd2e973ada8e29
• Instruction Fuzzy Hash: 1932F231A00315CFCF2CCE68C4946BD7BA1EB85316F29816ADC699F691E330DD89DAC1

Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 68a3caa4e10d0f289d51293a166b4b3ecb74aafe896eb1b611b0d5f5a7a8f28a
• Instruction ID: 9adbbcc4d2e8751ad7ea21bdbf1c1297c9c45a8bd5f26d0b427b0c43d0ceab32
• Opcode Fuzzy Hash: 68a3caa4e10d0f289d51293a166b4b3ecb74aafe896eb1b611b0d5f5a7a8f28a
• Instruction Fuzzy Hash: BB22B070E04609DFDF14CF64D881AAEB7B2FF58300F144629E856AB2E2EB75AD51CB50

Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7d7b0d2a12a49fcdc56ccfcb5c2353297c43e287cbf692145bf201ce766c60d4
• Instruction ID: 59961a8fdba6252fc77dbe005b5346ee91ce11ff74b3c7b2472fdedd8e22b567
• Opcode Fuzzy Hash: 7d7b0d2a12a49fcdc56ccfcb5c2353297c43e287cbf692145bf201ce766c60d4
• Instruction Fuzzy Hash: 3202A5B0E00205EFDF04DF64D891AAEB7F5FF54300F218169E8569B291EB71EA61CB91

Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 60b2e213639a351a19d338620a4e55cb0c52dcbdfdd8b2b2ba1879df1f2cd542
• Instruction ID: 8bf7860fba1ff15c65319d05109f83ea0c51e530f759c8d23c28bda0a1426546
• Opcode Fuzzy Hash: 60b2e213639a351a19d338620a4e55cb0c52dcbdfdd8b2b2ba1879df1f2cd542
• Instruction Fuzzy Hash: 7FB1DF20E2AF414DD62396398831336B65CBFBB6D5F91D71BFC6674D22EB2286C34140

Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8effa9b054f5ba59c7d15d1bd81f831ef88421c3ffcd319021370d4f08bc90b8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B9176735080B35ADB2EC67AA53407EFFE15A623A131A079DD4F2CA1C5FF249974D620
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e49ae41259638469567773c6cdea2f98d70c636f6c5d6bdbb88df06b924d7b0b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A9145732090B35ADB6D8239957443EFFE15A923A131A079DE4F2CA1D5EF348978D620
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9566cabafaaf2e7ac2bc6296b473f64c247d49382d035ca4d1f901852b684d60
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B9110722090F35EDB2D867AA57407DFEF15AA23A131A07AED4F2CB1C5FF2485749620
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1de71abf10b719910b426d0a2f6427cf94d3920d9b68c09ddd30239da619e214
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6d1df2295fc8bb4a4aecf1e419e5cfe766c00dcb0e84f30a24f0073b78c83b55
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1de71abf10b719910b426d0a2f6427cf94d3920d9b68c09ddd30239da619e214
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E61487160873A9ADF38AA28BC96BBF2394DF51710F18091EE842DB2C1DB119E72C755
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b054c1352361d37842317ef2d938e7d7d779bab3c52a859a42ad211c08c1bec7
• Instruction ID: bb4a71f59cdb5ee452a36091b89247aa5027e1b3d7bfd000b46baff1e1e282c0
• Opcode Fuzzy Hash: b054c1352361d37842317ef2d938e7d7d779bab3c52a859a42ad211c08c1bec7
• Instruction Fuzzy Hash: 2E61893520873D57DE3D5AA87851BBF2384EF52740F110959E842DB2C1DB12ED728366
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction ID: 52d7cf6eb2f95cc75c932fbed98c190458b7ce2d36dc7704ffed05750a3ea4db
• Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction Fuzzy Hash: CE8174736080B35ADF2DC23AA57403EFFE15AA23A531A079DD4F2CA1C1EF248574E620
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4881f072613ad1c0efd204aa5ff2cdc5513157f84c40ae043fc4a226a0e078a0
• Instruction ID: 8cedf51d203c6e54c1e854de30e8a15996cdd0fe193822178c0a13379f4d6fde
• Opcode Fuzzy Hash: 4881f072613ad1c0efd204aa5ff2cdc5513157f84c40ae043fc4a226a0e078a0
• Instruction Fuzzy Hash: 6221A8326216118BD728CF79C81267E73E5A764310F198A2EE4A7C37D0DE35A944C790
APIs
• DeleteObject.GDI32(00000000), ref: 00182B30
• DeleteObject.GDI32(00000000), ref: 00182B43
• DestroyWindow.USER32 ref: 00182B52
• GetDesktopWindow.USER32 ref: 00182B6D
• GetWindowRect.USER32(00000000), ref: 00182B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00182CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00182CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00182CF8
• GetClientRect.USER32(00000000,?), ref: 00182D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00182D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00182D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00182D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00182D80
• GlobalLock.KERNEL32(00000000), ref: 00182D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00182D98
• GlobalUnlock.KERNEL32(00000000), ref: 00182DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00182DA8
• GlobalFree.KERNEL32(00000000), ref: 00182DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00182DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0019FC38,00000000), ref: 00182DDB
• GlobalFree.KERNEL32(00000000), ref: 00182DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00182E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00182E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00182E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0018303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7a7c92ad98d2476964ea0d93a1b927eb5047856dd3c232277661682f23444453
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6b001f396553970518e20ac4e81bb2ae9b31e55d6890b910e8c9525fe2eb6f92
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7a7c92ad98d2476964ea0d93a1b927eb5047856dd3c232277661682f23444453
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0026971900204AFDB14DFA4DC89EAE7BB9FF48714F048159F955AB2A1CB74AE41CFA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 0019712F
                                                                                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00197160
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 0019716C
                                                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,000000FF), ref: 00197186
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00197195
                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 001971C0
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000010), ref: 001971C8
                                                                                                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(00000000), ref: 001971CF
                                                                                                                                                                                                                                                                                                                                                            • FrameRect.USER32(?,?,00000000), ref: 001971DE
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 001971E5
                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 00197230
                                                                                                                                                                                                                                                                                                                                                            • FillRect.USER32(?,?,?), ref: 00197262
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00197284
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001973E8: GetSysColor.USER32(00000012), ref: 00197421
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001973E8: SetTextColor.GDI32(?,?), ref: 00197425
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001973E8: GetSysColorBrush.USER32(0000000F), ref: 0019743B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001973E8: GetSysColor.USER32(0000000F), ref: 00197446
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001973E8: GetSysColor.USER32(00000011), ref: 00197463
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001973E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00197471
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001973E8: SelectObject.GDI32(?,00000000), ref: 00197482
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001973E8: SetBkColor.GDI32(?,00000000), ref: 0019748B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001973E8: SelectObject.GDI32(?,?), ref: 00197498
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001973E8: InflateRect.USER32(?,000000FF,000000FF), ref: 001974B7
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001973E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 001974CE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001973E8: GetWindowLongW.USER32(00000000,000000F0), ref: 001974DB
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a00dcbce002935007f739975c3e00596ba05dd44ce4fe2e9d451540c7fdcdddc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7d78d7cbfa8c7237bc78e10bf398ad4fa1274beb07054241d6e7c82761b702d9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a00dcbce002935007f739975c3e00596ba05dd44ce4fe2e9d451540c7fdcdddc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10A1B572118301FFDB019F60DC48E5B7BA9FF89320F140A2AF9A2961E1D771E984CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?), ref: 00118E14
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00156AC5
                                                                                                                                                                                                                                                                                                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00156AFE
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00156F43
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00118F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00118BE8,?,00000000,?,?,?,?,00118BBA,00000000,?), ref: 00118FC5
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053), ref: 00156F7F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00156F96
                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00156FAC
                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00156FB7
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
• Opcode ID: 9365d310c40e6c42192536e2518055178293c6fc73c7d64aaa5589e91d67e06c
• Instruction ID: f3b1fa8ce760101137850b29b18cec9e8ffd16f4780ac5aa9fdbeb0ce6ce975c
• Opcode Fuzzy Hash: 9365d310c40e6c42192536e2518055178293c6fc73c7d64aaa5589e91d67e06c
• Instruction Fuzzy Hash: 0B12BF30602201EFDB29CF14D894BE5B7F1FB45306F94846AF8A58B661CB31EC95DB91
APIs
• DestroyWindow.USER32(00000000), ref: 0018273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0018286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 001828A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 001828B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00182900
• GetClientRect.USER32(00000000,?), ref: 0018290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00182955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00182964
• GetStockObject.GDI32(00000011), ref: 00182974
• SelectObject.GDI32(00000000,00000000), ref: 00182978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00182988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00182991
• DeleteDC.GDI32(00000000), ref: 0018299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 001829C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 001829DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00182A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00182A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 00182A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00182A77
• GetStockObject.GDI32(00000011), ref: 00182A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00182A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00182A97
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: e550c9e5683471e664002583a9b25769c77e9edf163c8bc82a02b8b15f0ed665
• Instruction ID: f0b9c971b35b2d1dbad6f3d91e93b0685acf232325dbf7538047bb5854207c88
• Opcode Fuzzy Hash: e550c9e5683471e664002583a9b25769c77e9edf163c8bc82a02b8b15f0ed665
• Instruction Fuzzy Hash: 67B14971A01215BFEB14DFA8DC8AEAE7BA9FB08710F008115F955EB6D0D774AD40CBA4
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00174AED
• GetDriveTypeW.KERNEL32(?,0019CB68,?,\\.\,0019CC08), ref: 00174BCA
• SetErrorMode.KERNEL32(00000000,0019CB68,?,\\.\,0019CC08), ref: 00174D36
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: 53ba723ce50fd9f0314f78cb8077d12657104d7004f1e5cb933d5d7db5a61601
• Instruction ID: d8040ef51a2e031d9488ba81c08a8c7ef3c0e6895bb2e1f48df5c909f42d5419
• Opcode Fuzzy Hash: 53ba723ce50fd9f0314f78cb8077d12657104d7004f1e5cb933d5d7db5a61601
• Instruction Fuzzy Hash: A161BF31605205DBCB19DF68CA82E7977B0AF24340B25C01AF88EAB692DB75ED41DB81
APIs
• GetSysColor.USER32(00000012), ref: 00197421
• SetTextColor.GDI32(?,?), ref: 00197425
• GetSysColorBrush.USER32(0000000F), ref: 0019743B
• GetSysColor.USER32(0000000F), ref: 00197446
• CreateSolidBrush.GDI32(?), ref: 0019744B
• GetSysColor.USER32(00000011), ref: 00197463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00197471
• SelectObject.GDI32(?,00000000), ref: 00197482
• SetBkColor.GDI32(?,00000000), ref: 0019748B
• SelectObject.GDI32(?,?), ref: 00197498
• InflateRect.USER32(?,000000FF,000000FF), ref: 001974B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 001974CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 001974DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0019752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00197554
                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 00197572
                                                                                                                                                                                                                                                                                                                                                            • DrawFocusRect.USER32(?,?), ref: 0019757D
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000011), ref: 0019758E
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00197596
                                                                                                                                                                                                                                                                                                                                                            • DrawTextW.USER32(?,001970F5,000000FF,?,00000000), ref: 001975A8
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 001975BF
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 001975CA
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 001975D0
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 001975D5
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 001975DB
                                                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,?), ref: 001975E5
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ada0231cfc0effb1c3c5c8c073825b291ca84440ed8ffca4a1eb9d41fc4c8c2b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fcfdc4d9bd7cbd7dc815ad56af0b333155ad65f5d1551baed7ba15502e4d879d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ada0231cfc0effb1c3c5c8c073825b291ca84440ed8ffca4a1eb9d41fc4c8c2b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 30613C72904218AFEF019FA4DC49AEE7FB9EF09320F114126F915AB2A1D7759980CB90
APIs
• GetCursorPos.USER32(?), ref: 00191128
• GetDesktopWindow.USER32 ref: 0019113D
• GetWindowRect.USER32(00000000), ref: 00191144
• GetWindowLongW.USER32(?,000000F0), ref: 00191199
• DestroyWindow.USER32(?), ref: 001911B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 001911ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0019120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0019121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00191232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00191245
• IsWindowVisible.USER32(00000000), ref: 001912A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 001912BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 001912D0
• GetWindowRect.USER32(00000000,?), ref: 001912E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 0019130E
• GetMonitorInfoW.USER32(00000000,?), ref: 00191328
• CopyRect.USER32(?,?), ref: 0019133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 001913AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: a71884e2b9127cc8c4e653657f7e83e3cb8b426f8ab798b6c8f068ff261d85e4
• Instruction ID: 58965dbfd88043579dc74bef5950121741afacfbea274dd56bdcf33d52147228
• Opcode Fuzzy Hash: a71884e2b9127cc8c4e653657f7e83e3cb8b426f8ab798b6c8f068ff261d85e4
• Instruction Fuzzy Hash: B4B17F71608341AFDB14DF64C885B6ABBE4FF98354F00891DF9999B2A1CB71EC84CB91
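The report prints every SendMessageW message number as raw hex, so a routine like the tooltips_class32 one above reads as a wall of 0x4xx values. The following Python is an added triage helper, not part of the Joe Sandbox report or its IDA plugin: it parses the "APIs" listing format shown on this page and resolves the message IDs against a small table transcribed from the Windows SDK headers (WM_USER = 0x400 for TTM_* tooltip messages, LVM_FIRST = 0x1000 for list-view messages). The sample listings embedded in it are copied from this report; the line format, the regular expression and the helper names are assumptions of the example.

```python
"""Decode window-message IDs in a Joe Sandbox "APIs" listing (added example).

The constant table below is transcribed from commctrl.h / winuser.h; only the
messages that occur in this report's listings are included.
"""
import re

WM_USER = 0x0400     # base for TTM_* tooltip-control messages
LVM_FIRST = 0x1000   # base for LVM_* list-view messages

MESSAGE_NAMES = {
    0x000E: "WM_GETTEXTLENGTH",
    WM_USER + 17: "TTM_TRACKACTIVATE",
    WM_USER + 18: "TTM_TRACKPOSITION",
    WM_USER + 24: "TTM_SETMAXTIPWIDTH",
    WM_USER + 29: "TTM_UPDATE",
    WM_USER + 33: "TTM_SETTITLEW",
    WM_USER + 50: "TTM_ADDTOOLW",
    LVM_FIRST + 4: "LVM_GETITEMCOUNT",
    LVM_FIRST + 44: "LVM_GETITEMSTATE",
    LVM_FIRST + 50: "LVM_GETSELECTEDCOUNT",
}

# One listing entry: optional bullet, optional "Part of subcall function X:" prefix,
# "Api.Module(args), ref: address" or "Api.Module ref: address" (no parentheses).
LINE_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_line(line):
    """Return a dict for one listing line, or None if it is not an API entry."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [] if raw is None else [a.strip() for a in raw.split(",")]
    entry = {"api": m.group("api"), "module": m.group("module"),
             "args": args, "ref": int(m.group("ref"), 16), "message": None}
    # Second argument of SendMessageW is uMsg; "?" means the sandbox could not recover it.
    if entry["api"] == "SendMessageW" and len(args) >= 2:
        try:
            msg = int(args[1], 16)
        except ValueError:
            msg = None
        if msg is not None:
            entry["message"] = MESSAGE_NAMES.get(msg, "0x%04X" % msg)
    return entry


def decode_listing(text):
    """Parse every API line in a listing, skipping headings and blank lines."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def window_messages(text):
    """Decoded message names, in call order, for all SendMessageW entries."""
    return [e["message"] for e in decode_listing(text) if e["message"]]


def is_tooltip_routine(text):
    """Heuristic: creates a tooltips_class32 window and registers a tool with it."""
    entries = decode_listing(text)
    creates = any(e["api"] == "CreateWindowExW" and "tooltips_class32" in e["args"]
                  for e in entries)
    adds = any(e["message"] == "TTM_ADDTOOLW" for e in entries)
    return creates and adds


# Listing lines copied from this report (the tooltips_class32 routine).
TOOLTIP_SAMPLE = """
• GetCursorPos.USER32(?), ref: 00191128
• GetDesktopWindow.USER32 ref: 0019113D
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 001911ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0019120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0019121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00191232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00191245
• IsWindowVisible.USER32(00000000), ref: 001912A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 001912BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 001912D0
• SendMessageW.USER32(00000000,00000412,00000000), ref: 001913AA
"""

# Listing lines copied from this report (the list-view routine).
LISTVIEW_SAMPLE = """
• CharUpperBuffW.USER32(?,?), ref: 001902E5
• _wcslen.LIBCMT ref: 0019031F
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 001904C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00190504
  • Part of subcall function 0016223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00162258
"""

if __name__ == "__main__":
    for sample in (TOOLTIP_SAMPLE, LISTVIEW_SAMPLE):
        print(window_messages(sample), "tooltip routine:", is_tooltip_routine(sample))
```

Argument values the sandbox prints as `?` are left undecoded rather than guessed, and a message number outside the table is reported as hex so it is not silently dropped; extend MESSAGE_NAMES from the SDK headers when a listing uses other controls.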
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 001902E5
• _wcslen.LIBCMT ref: 0019031F
• _wcslen.LIBCMT ref: 00190389
• _wcslen.LIBCMT ref: 001903F1
• _wcslen.LIBCMT ref: 00190475
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 001904C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00190504
  • Part of subcall function 0011F9F2: _wcslen.LIBCMT ref: 0011F9FD
  • Part of subcall function 0016223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00162258
  • Part of subcall function 0016223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0016228A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
• Opcode ID: 95a481a8bc8be33761e07385ebadd10dcacb5476a5795454f54b13c4a3fdbda8
• Instruction ID: 28db34764e3db507b6c331e8fbd8f8d9f7e46c8d4d9eba1db8edbde516407376
• Opcode Fuzzy Hash: 95a481a8bc8be33761e07385ebadd10dcacb5476a5795454f54b13c4a3fdbda8
• Instruction Fuzzy Hash: FDE1B1312082018FCB19DF24C95196AB7E6BFEC718F15496CF896AB3A1DB70ED45CB42
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00118968
• GetSystemMetrics.USER32(00000007), ref: 00118970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0011899B
• GetSystemMetrics.USER32(00000008), ref: 001189A3
• GetSystemMetrics.USER32(00000004), ref: 001189C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 001189E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 001189F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00118A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00118A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00118A5A
• GetStockObject.GDI32(00000011), ref: 00118A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00118A81
  • Part of subcall function 0011912D: GetCursorPos.USER32(?), ref: 00119141
  • Part of subcall function 0011912D: ScreenToClient.USER32(00000000,?), ref: 0011915E
  • Part of subcall function 0011912D: GetAsyncKeyState.USER32(00000001), ref: 00119183
  • Part of subcall function 0011912D: GetAsyncKeyState.USER32(00000002), ref: 0011919D
• SetTimer.USER32(00000000,00000000,00000028,001190FC), ref: 00118AA8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: dcbda62f1d536116d743dcaa5778ccc603299ee882e33d4d29c3e2fae74b6988
• Instruction ID: a93d8fd0b474daa1f8d728a4eb40a17a0d820c5544308cbc4f7387c0ec3872c3
• Opcode Fuzzy Hash: dcbda62f1d536116d743dcaa5778ccc603299ee882e33d4d29c3e2fae74b6988
• Instruction Fuzzy Hash: CEB17371600209EFDB18DFA8DD55BEE77B5FB48315F11422AFA159B290DB309881CB91
APIs
  • Part of subcall function 001610F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00161114
  • Part of subcall function 001610F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00160B9B,?,?,?), ref: 00161120
  • Part of subcall function 001610F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00160B9B,?,?,?), ref: 0016112F
  • Part of subcall function 001610F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00160B9B,?,?,?), ref: 00161136
  • Part of subcall function 001610F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0016114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00160DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00160E29
• GetLengthSid.ADVAPI32(?), ref: 00160E40
• GetAce.ADVAPI32(?,00000000,?), ref: 00160E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00160E96
• GetLengthSid.ADVAPI32(?), ref: 00160EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00160EB5
• HeapAlloc.KERNEL32(00000000), ref: 00160EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00160EDD
• CopySid.ADVAPI32(00000000), ref: 00160EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00160F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00160F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00160F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00160F6E
• HeapFree.KERNEL32(00000000), ref: 00160F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00160F7E
• HeapFree.KERNEL32(00000000), ref: 00160F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00160F8E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00160F95
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00160FA1
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00160FA8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00161193: GetProcessHeap.KERNEL32(00000008,00160BB1,?,00000000,?,00160BB1,?), ref: 001611A1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00161193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00160BB1,?), ref: 001611A8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00161193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00160BB1,?), ref: 001611B7
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 813d54520000fd6fa5d106fbe03a75691f9143ea62dbe41c7734a5991f706249
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 85c47257a9d20341e6010c11f09c407d36414cc1fd4845179aebb8b69a0441ff
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 813d54520000fd6fa5d106fbe03a75691f9143ea62dbe41c7734a5991f706249
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F716B7290021AEBDF22DFA4DC44FAFBBB8BF19300F044165F959E6191D7319A55CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0018C4BD
                                                                                                                                                                                                                                                                                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,0019CC08,00000000,?,00000000,?,?), ref: 0018C544
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0018C5A4
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0018C5F4
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0018C66F
                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0018C6B2
                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0018C7C1
                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0018C84D
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0018C881
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0018C88E
                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0018C960
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f432babae18c47744002f4bdf98a611530f17358ec65b3f313f8e92a9d6f03d0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5c314722d5f3f0b2831bae5910e26783737f81b284c8bc243f492f1e598aa9f9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f432babae18c47744002f4bdf98a611530f17358ec65b3f313f8e92a9d6f03d0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 781255356042019FDB14EF24D891A6AB7E5EF88714F04889DF88A9B3A2DB71FD41CF91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 001909C6
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00190A01
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00190A54
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00190A8A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00190B06
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00190B81
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0011F9F2: _wcslen.LIBCMT ref: 0011F9FD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00162BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00162BFA
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: 3983ee3d32340e3cfb1d91a86bd4cb26c1040ce8721f34e1d74d95772bae45a5
• Instruction ID: 6ee12e06f76251f5fc1e664e951493492da4f3e1a0cf9ad9365f0bd3b6035368
• Opcode Fuzzy Hash: 3983ee3d32340e3cfb1d91a86bd4cb26c1040ce8721f34e1d74d95772bae45a5
• Instruction Fuzzy Hash: F1E1C0352087018FCB15DF24C45096AB7E1FFA8318F15895CF896AB3A2DB71ED85CB82
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 1256254125-909552448
• Opcode ID: b3b10b9b6fb4a722a207061ac6870ea6fe68c326b14e5a1b0a83f1aefb41f1d6
• Instruction ID: d81646b8b846b09cd3e1e7efe89e41ec5984e59464fb95e6f683e2f989d4df9b
• Opcode Fuzzy Hash: b3b10b9b6fb4a722a207061ac6870ea6fe68c326b14e5a1b0a83f1aefb41f1d6
• Instruction Fuzzy Hash: 6171F73260052A8BCB14FE7CD951ABB3391ABB0794B150529F866A7284F771CF85CBF0
APIs
• _wcslen.LIBCMT ref: 0019835A
• _wcslen.LIBCMT ref: 0019836E
• _wcslen.LIBCMT ref: 00198391
• _wcslen.LIBCMT ref: 001983B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 001983F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00195BF2), ref: 0019844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00198487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 001984CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00198501
• FreeLibrary.KERNEL32(?), ref: 0019850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0019851D
• DestroyIcon.USER32(?,?,?,?,?,00195BF2), ref: 0019852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00198549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00198555
Strings
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
• Opcode ID: ead7c1c772659f852730db5bdfd9eb7b576891bf90233301b23df5ffe6fa05b0
• Instruction ID: 941eb41fb0f925cb2d1965251867585b372fd8b223db8acfe7a591b109b5cd28
• Opcode Fuzzy Hash: ead7c1c772659f852730db5bdfd9eb7b576891bf90233301b23df5ffe6fa05b0
• Instruction Fuzzy Hash: B561CC71A00215BFEF14DF64DC81BBE77A8BF19B21F10460AF855D61D1DBB4AA90CBA0
Strings
Similarity
• API ID:
• String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
• API String ID: 0-1645009161
• Opcode ID: 15bcee0c8ae40fece027ec8497f9b5cb50686740ebc0c16866f3ee2b457b0ab3
• Instruction ID: eff7473db6690231562d09d72f01ea6f26187125712d0145863521d0579bc296
• Opcode Fuzzy Hash: 15bcee0c8ae40fece027ec8497f9b5cb50686740ebc0c16866f3ee2b457b0ab3
• Instruction Fuzzy Hash: 29813771A04205BBDF24BF60DC42FAE37A9AF65740F054025F845AB1D3EBB0E952C7A1
APIs
• CharLowerBuffW.USER32(?,?), ref: 00173EF8
• _wcslen.LIBCMT ref: 00173F03
• _wcslen.LIBCMT ref: 00173F5A
• _wcslen.LIBCMT ref: 00173F98
                                                                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?), ref: 00173FD6
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0017401E
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00174059
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00174087
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6dce78e0173e2ed1c46aa0810aec60cde0a1ef7905c4d62c146e79bc5820899f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e49b171df9990d6e10bb92e45cbe6a0700aa6102a2ee28fa4792f019f572133c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6dce78e0173e2ed1c46aa0810aec60cde0a1ef7905c4d62c146e79bc5820899f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8871E2726042119FC710EF24C88196EB7F4EFA4754F10892DF9E997291EB31ED45CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 00165A2E
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00165A40
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00165A57
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00165A6C
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00165A72
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00165A82
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00165A88
                                                                                                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00165AA9
                                                                                                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00165AC3
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00165ACC
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00165B33
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00165B6F
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00165B75
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00165B7C
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00165BD3
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00165BE0
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 00165C05
                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00165C2F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 32b980924aa9d2a5c9576dc598820cae676f6592bbdabffee4d65ddd64299d4d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5396400bc6a908f81501ff7b85e2edf151ad1e2158a8def3701a06290bedf68a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 32b980924aa9d2a5c9576dc598820cae676f6592bbdabffee4d65ddd64299d4d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B717D31900B09AFDB20DFA8CE85AAEBBF6FF48705F104519E582A36A0D775E954CB50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 0017FE27
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 0017FE32
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 0017FE3D
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 0017FE48
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 0017FE53
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 0017FE5E
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F81), ref: 0017FE69
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 0017FE74
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F80), ref: 0017FE7F
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 0017FE8A
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 0017FE95
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 0017FEA0
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 0017FEAB
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 0017FEB6
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 0017FEC1
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 0017FECC
                                                                                                                                                                                                                                                                                                                                                            • GetCursorInfo.USER32(?), ref: 0017FEDC
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0017FF1E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6bc125bd7d448e06fef7dfbcf0c3c786ab43feb02ebd10569217cf640013bd1b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a4c1096cf32157a66bb60fe99711ec6d10d56dbed8068eca029c50b5eb0c875f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6bc125bd7d448e06fef7dfbcf0c3c786ab43feb02ebd10569217cf640013bd1b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C64124B1D083196ADB109FBA8C8985EBFF8FF04754B50852AF11DE7281DB789901CE91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 001200C6
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001200ED: InitializeCriticalSectionAndSpinCount.KERNEL32(001D070C,00000FA0,235786BB,?,?,?,?,001423B3,000000FF), ref: 0012011C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001200ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,001423B3,000000FF), ref: 00120127
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001200ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,001423B3,000000FF), ref: 00120138
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001200ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0012014E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001200ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0012015C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001200ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0012016A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001200ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00120195
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001200ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 001201A0
                                                                                                                                                                                                                                                                                                                                                            • ___scrt_fastfail.LIBCMT ref: 001200E7
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001200A3: __onexit.LIBCMT ref: 001200A9
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00120122
                                                                                                                                                                                                                                                                                                                                                            • kernel32.dll, xrefs: 00120133
                                                                                                                                                                                                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 00120154
                                                                                                                                                                                                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 00120162
                                                                                                                                                                                                                                                                                                                                                            • InitializeConditionVariable, xrefs: 00120148
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a2622b6fb198d4becb291a6abfcadcaa9f90dd109db49aa9c543d245ab149865
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 43c81207e179f92408c1f403234471fcfa8736f4f6a9e0104b1e03b350c4e32c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2622b6fb198d4becb291a6abfcadcaa9f90dd109db49aa9c543d245ab149865
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8210B32645720ABE7125BB4BC46B6E37D4EB0DB51F01023BF841D6A92DB70DC908AD4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1219778d205d0c5cdc6ab14c2c0a9c80ee0a68b2db8baa26b9d27f0d1757f0e9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 333100f251b55a985825b7b01c8d0cf634a8f4918802ec66b0081fbf88fc6ee8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1219778d205d0c5cdc6ab14c2c0a9c80ee0a68b2db8baa26b9d27f0d1757f0e9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4E1E532A005269BCB189F68CC51BEDFBB1BF64710F55812DE466B7280DF30AEA5C790
APIs
• CharLowerBuffW.USER32(00000000,00000000,0019CC08), ref: 00174527
• _wcslen.LIBCMT ref: 0017453B
• _wcslen.LIBCMT ref: 00174599
• _wcslen.LIBCMT ref: 001745F4
• _wcslen.LIBCMT ref: 0017463F
• _wcslen.LIBCMT ref: 001746A7
  • Part of subcall function 0011F9F2: _wcslen.LIBCMT ref: 0011F9FD
• GetDriveTypeW.KERNEL32(?,001C6BF0,00000061), ref: 00174743
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,0019CC08), ref: 001840BB
• GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 001840CD
• GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0019CC08), ref: 001840F2
• FreeLibrary.KERNEL32(00000000,?,0019CC08), ref: 0018413E
• StringFromGUID2.OLE32(?,?,00000028,?,0019CC08), ref: 001841A8
• SysFreeString.OLEAUT32(00000009), ref: 00184262
• QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 001842C8
• SysFreeString.OLEAUT32(?), ref: 001842F2
Strings
Similarity
• API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
• String ID: GetModuleHandleExW$kernel32.dll
• API String ID: 354098117-199464113
APIs
• GetMenuItemCount.USER32(001D1990), ref: 00142F8D
• GetMenuItemCount.USER32(001D1990), ref: 0014303D
• GetCursorPos.USER32(?), ref: 00143081
• SetForegroundWindow.USER32(00000000), ref: 0014308A
• TrackPopupMenuEx.USER32(001D1990,00000000,?,00000000,00000000,00000000), ref: 0014309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 001430A9
Strings
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,?), ref: 00196DEB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00106B57: _wcslen.LIBCMT ref: 00106B6A
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00196E5F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00196E81
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00196E94
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00196EB5
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00100000,00000000), ref: 00196EE4
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00196EFD
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00196F16
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00196F1D
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00196F35
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00196F4D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00119944: GetWindowLongW.USER32(?,000000EB), ref: 00119952
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e4c3347c5d1a83fc6a4ae4ea5e9e02e5934b0cab0e8e7051b2fb9b01baa734af
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 54d9dd3f556d4767624a47deb2732a50f50e650f17844da44d9b85efe084b7bf
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e4c3347c5d1a83fc6a4ae4ea5e9e02e5934b0cab0e8e7051b2fb9b01baa734af
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32715774104244AFDB25CF18DC54FBABBE9FB89304F44041EF999872A1C770E946CB62
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00119BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00119BB2
                                                                                                                                                                                                                                                                                                                                                            • DragQueryPoint.SHELL32(?,?), ref: 00199147
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00197674: ClientToScreen.USER32(?,?), ref: 0019769A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00197674: GetWindowRect.USER32(?,?), ref: 00197710
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00197674: PtInRect.USER32(?,?,00198B89), ref: 00197720
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 001991B0
                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 001991BB
                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 001991DE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00199225
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 0019923E
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00199255
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00199277
                                                                                                                                                                                                                                                                                                                                                            • DragFinish.SHELL32(?), ref: 0019927E
                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00199371
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4437e9e99e17bb85e997497314ac9418acd6a53a42aa69f08317112ad3574d23
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 440a418867f3564526a37a548e4855fa913100d29b969b8fa320e1d33c9ad683
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4437e9e99e17bb85e997497314ac9418acd6a53a42aa69f08317112ad3574d23
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D617871108301AFD701DF64DC95DAFBBE8FF99350F40092EF591922A1DB709A49CBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0017C4B0
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0017C4C3
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0017C4D7
                                                                                                                                                                                                                                                                                                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0017C4F0
                                                                                                                                                                                                                                                                                                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0017C533
                                                                                                                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0017C549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0017C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0017C584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0017C5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0017C5F0
• InternetCloseHandle.WININET(00000000), ref: 0017C5FB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
• API String ID: 3800310941-3916222277
• Opcode ID: dc169370d974ca7757b604e87aab76567b2c6d9543581968b3799df8c2df7a30
• Instruction ID: 0dcba0904e5eaebf2126c300c3c1562eea1aced1fb8ee93949aa93e8af7fb1cf
• Opcode Fuzzy Hash: dc169370d974ca7757b604e87aab76567b2c6d9543581968b3799df8c2df7a30
• Instruction Fuzzy Hash: AE5151B1600605BFDB218FA4C988AAB7BFCFF04754F00841EF54996650D735E984DBE0
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00198592
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 001985A2
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 001985AD
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 001985BA
• GlobalLock.KERNEL32(00000000), ref: 001985C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 001985D7
• GlobalUnlock.KERNEL32(00000000), ref: 001985E0
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 001985E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 001985F8
• OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0019FC38,?), ref: 00198611
• GlobalFree.KERNEL32(00000000), ref: 00198621
• GetObjectW.GDI32(?,00000018,?), ref: 00198641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00198671
• DeleteObject.GDI32(?), ref: 00198699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 001986AF
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: 6344af451d4aa8b70508662dee8577bcfec4c9397f64b4e4183b2ef492c7bf15
• Instruction ID: f3f885e2b8e45e51a4ea444545ca54ca2790b7d829b585b8faa21e487881720b
• Opcode Fuzzy Hash: 6344af451d4aa8b70508662dee8577bcfec4c9397f64b4e4183b2ef492c7bf15
• Instruction Fuzzy Hash: A6411A75600204AFDB11DFA5DD48EAA7BB8FF89715F104159F945EB260DB30AD41CF60
APIs
• VariantInit.OLEAUT32(00000000), ref: 00171502
• VariantCopy.OLEAUT32(?,?), ref: 0017150B
• VariantClear.OLEAUT32(?), ref: 00171517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 001715FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00171657
• VariantInit.OLEAUT32(?), ref: 00171708
• SysFreeString.OLEAUT32(?), ref: 0017178C
• VariantClear.OLEAUT32(?), ref: 001717D8
• VariantClear.OLEAUT32(?), ref: 001717E7
• VariantInit.OLEAUT32(00000000), ref: 00171823
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: 2f08316afcd8395cfae5d47db3d750650ad9a3aee4ee31aa3bd3b25118649a88
• Instruction ID: 74b9b715a2c0b817f161ef7dc0c6e74e857839f8fd620ce43935bc52d876c15c
• Opcode Fuzzy Hash: 2f08316afcd8395cfae5d47db3d750650ad9a3aee4ee31aa3bd3b25118649a88
• Instruction Fuzzy Hash: 68D1F071A00105EBDF189F68E885BBDB7B5BF46704F15C06AF44AAB180DB70EC81DBA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0018B6AE,?,?), ref: 0018C9B5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018C998: _wcslen.LIBCMT ref: 0018C9F1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018C998: _wcslen.LIBCMT ref: 0018CA68
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018C998: _wcslen.LIBCMT ref: 0018CA9E
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0018B6F4
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0018B772
                                                                                                                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 0018B80A
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0018B87E
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0018B89C
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0018B8F2
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0018B904
                                                                                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 0018B922
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0018B983
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0018B994
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3141b2747d937ff2dcc5cc9ebda06b67398097b01ab51437d54040023ffe862c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6b71bf180c747774f56b20c74b4b52bd6e6b17ec6be95661e19a4dc6ab8a9820
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3141b2747d937ff2dcc5cc9ebda06b67398097b01ab51437d54040023ffe862c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BFC17A74608201AFD714EF14C4D5F2ABBE5BF84308F18859CF59A8B6A2CB71EA45CF91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 001825D8
                                                                                                                                                                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 001825E8
                                                                                                                                                                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(?), ref: 001825F4
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00182601
                                                                                                                                                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0018266D
                                                                                                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 001826AC
                                                                                                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 001826D0
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 001826D8
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 001826E1
                                                                                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 001826E8
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 001826F3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5dab28b8812be27f76b4a2db3d55a33cb00925c1e176ec064e4d11686b47d09d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6379fcc72d29ae227959739d0043bc5fc7b8514f4e8ea2492851058070848f56
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5dab28b8812be27f76b4a2db3d55a33cb00925c1e176ec064e4d11686b47d09d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7610775D00219EFCF05DFA4D884AAEBBF6FF48310F20852AE955A7250D770A941CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 0013DAA1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D659
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D66B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D67D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D68F
  • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D6A1
  • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D6B3
  • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D6C5
  • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D6D7
  • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D6E9
  • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D6FB
  • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D70D
  • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D71F
  • Part of subcall function 0013D63C: _free.LIBCMT ref: 0013D731
• _free.LIBCMT ref: 0013DA96
  • Part of subcall function 001329C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0013D7D1,00000000,00000000,00000000,00000000,?,0013D7F8,00000000,00000007,00000000,?,0013DBF5,00000000), ref: 001329DE
  • Part of subcall function 001329C8: GetLastError.KERNEL32(00000000,?,0013D7D1,00000000,00000000,00000000,00000000,?,0013D7F8,00000000,00000007,00000000,?,0013DBF5,00000000,00000000), ref: 001329F0
• _free.LIBCMT ref: 0013DAB8
• _free.LIBCMT ref: 0013DACD
• _free.LIBCMT ref: 0013DAD8
• _free.LIBCMT ref: 0013DAFA
• _free.LIBCMT ref: 0013DB0D
• _free.LIBCMT ref: 0013DB1B
• _free.LIBCMT ref: 0013DB26
• _free.LIBCMT ref: 0013DB5E
• _free.LIBCMT ref: 0013DB65
• _free.LIBCMT ref: 0013DB82
• _free.LIBCMT ref: 0013DB9A
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 68ecf448cee0aab2b51daf079ece8dd08eb482b5180a6eb661c5c89d7b5d50fb
• Instruction ID: 3c8e5daa8c5c535c50a953aab766f7ab35013c29f1af3b4c8bc651eb36440f83
• Opcode Fuzzy Hash: 68ecf448cee0aab2b51daf079ece8dd08eb482b5180a6eb661c5c89d7b5d50fb
• Instruction Fuzzy Hash: 6E3148326043159FEF22AA39F946B5ABBE9FF21324F154469F459D7191DF31EC808B20
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 0016369C
• _wcslen.LIBCMT ref: 001636A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00163797
• GetClassNameW.USER32(?,?,00000400), ref: 0016380C
• GetDlgCtrlID.USER32(?), ref: 0016385D
• GetWindowRect.USER32(?,?), ref: 00163882
• GetParent.USER32(?), ref: 001638A0
• ScreenToClient.USER32(00000000), ref: 001638A7
• GetClassNameW.USER32(?,?,00000100), ref: 00163921
• GetWindowTextW.USER32(?,?,00000400), ref: 0016395D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: d819b5de68a4c091765e0eb3764c977bdd362ba8c542bef9107b50f43482d84f
• Instruction ID: 5727a1099d04ce9b73f9eff6a9ac23cd7e0618f81e1b4d704d460c28f56ff8ec
• Opcode Fuzzy Hash: d819b5de68a4c091765e0eb3764c977bdd362ba8c542bef9107b50f43482d84f
• Instruction Fuzzy Hash: 5491B271204706AFD719DF24CC85BEAF7A9FF44354F008629F9AAC2190DB30EA65CB91
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00164994
• GetWindowTextW.USER32(?,?,00000400), ref: 001649DA
• _wcslen.LIBCMT ref: 001649EB
• CharUpperBuffW.USER32(?,00000000), ref: 001649F7
• _wcsstr.LIBVCRUNTIME ref: 00164A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00164A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00164A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00164AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00164B20
• GetWindowRect.USER32(?,?), ref: 00164B8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                            • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 69acf08704d3c52ffb92a7826e289cd2e93f0345b35c5e4109526c6baa539f62
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 578c1a5c04594c8601c8ce23b040be7a7a389d6fdbd33725b253a4e3a6ab6b2e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69acf08704d3c52ffb92a7826e289cd2e93f0345b35c5e4109526c6baa539f62
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C91DD72004205AFDB08DF14CD81FAA77E9FF94714F04846AFD869A196EB30ED65CBA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00119BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00119BB2
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00198D5A
                                                                                                                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 00198D6A
                                                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 00198D75
                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00198E1D
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00198ECF
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 00198EEC
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 00198EFC
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00198F2E
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00198F70
                                                                                                                                                                                                                                                                                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00198FA1
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a0b858580cdb20b7ab94ba4bac55e2b18f799eac1b62d1eec7142e833f504a86
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e8a9c0ff8021557e23cc5c67808fd75386bcf21c23933b4d5b9f8d1ef914f97a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a0b858580cdb20b7ab94ba4bac55e2b18f799eac1b62d1eec7142e833f504a86
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F81BE71608301AFDF10CF24C884AABBBE9FF9A754F14091EF98597291DB30D941CBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(001D1990,000000FF,00000000,00000030), ref: 0016BFAC
                                                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(001D1990,00000004,00000000,00000030), ref: 0016BFE1
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4), ref: 0016BFF3
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 0016C039
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 0016C056
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,-00000001), ref: 0016C082
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,?), ref: 0016C0C9
                                                                                                                                                                                                                                                                                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0016C10F
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0016C124
                                                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0016C145
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3941ad168203a9b9f3f07b775a03b41b89a758cd43823f1b382914fbbf635e4b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2f2e2d06ba4a243bd12243f468f529592aaa37bcf1e011de10434d6d9684cd3f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3941ad168203a9b9f3f07b775a03b41b89a758cd43823f1b382914fbbf635e4b
• Instruction Fuzzy Hash: 1B6181B4A0024AEFDF15CF64CD88AFE7BA8EB06344F144156F891A3291C735AD65CBA1
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 0016DC20
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0016DC46
• _wcslen.LIBCMT ref: 0016DC50
• _wcsstr.LIBVCRUNTIME ref: 0016DCA0
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0016DCBC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
• Opcode ID: 0765e277eadd4c7f276a00b7b665251d14a032acac8be9840e1c98e7b3d4613f
• Instruction ID: c230670928911225e47660eabc2e54ac77d1ddb66cc9e665a358795dedfef5f7
• Opcode Fuzzy Hash: 0765e277eadd4c7f276a00b7b665251d14a032acac8be9840e1c98e7b3d4613f
• Instruction Fuzzy Hash: 0741F472A402147BDB14A7B4EC43EFF776CDF65750F100069F901A61C2EB74992187A9
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0018CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0018CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0018CD48
  • Part of subcall function 0018CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0018CCAA
  • Part of subcall function 0018CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0018CCBD
  • Part of subcall function 0018CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0018CCCF
  • Part of subcall function 0018CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0018CD05
  • Part of subcall function 0018CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0018CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0018CCF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: 56bc28a71bb3a367a26e162e13d64daf9f9fea858ee226059a180c1a7de9d7a4
• Instruction ID: 2be3de6384a6652738058500376f975321f2a00c352c079607fcf91f0f16f7f8
• Opcode Fuzzy Hash: 56bc28a71bb3a367a26e162e13d64daf9f9fea858ee226059a180c1a7de9d7a4
• Instruction Fuzzy Hash: 43316975901129BBDB20ABA5DC88EEFBB7CEF55740F000166B906E2240DB709B859FF0
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00173D40
• _wcslen.LIBCMT ref: 00173D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00173D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00173DBE
• RemoveDirectoryW.KERNEL32(?), ref: 00173DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00173E55
• CloseHandle.KERNEL32(00000000), ref: 00173E60
• CloseHandle.KERNEL32(00000000), ref: 00173E6B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: f63e5c5deece8fe15bb84b4bf77b32dfc58f5bd802abaf5d30d5a0f76b262b19
• Instruction ID: 5d788a347dd9876a40ed2913a9ced5099beba18777c0c6fb7ece56a802441224
• Opcode Fuzzy Hash: f63e5c5deece8fe15bb84b4bf77b32dfc58f5bd802abaf5d30d5a0f76b262b19
• Instruction Fuzzy Hash: 0F31B076900219ABDB209FA0DC49FEF37BDEF88700F5081B6F559D6060EB7097849B64
APIs
• timeGetTime.WINMM ref: 0016E6B4
  • Part of subcall function 0011E551: timeGetTime.WINMM(?,?,0016E6D4), ref: 0011E555
• Sleep.KERNEL32(0000000A), ref: 0016E6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0016E705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0016E727
• SetActiveWindow.USER32 ref: 0016E746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0016E754
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 0016E773
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000000FA), ref: 0016E77E
                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32 ref: 0016E78A
                                                                                                                                                                                                                                                                                                                                                            • EndDialog.USER32(00000000), ref: 0016E79B
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                            • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b6eaf72a19c3682d242ab79dcc9d698873927d69e55a24b431449138f6b9fd4e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3c4119df2d1c78e286394f4be095b60571d4fe33ff79bb5a3d8c2cf9a6edd3ae
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6eaf72a19c3682d242ab79dcc9d698873927d69e55a24b431449138f6b9fd4e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7219675202304BFFB015F64EC89A253BA9FB64748F100527FC51C2AA1DB71DCA4DBA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0016EA5D
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0016EA73
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0016EA84
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0016EA96
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0016EAA7
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c71002c416ae83394d0e0b8390260b9d51903eb2187f9763dba947901a589ec7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e75f39f9df106040e274d7dd552655dcef81304158142407cbdb130acbde3074
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c71002c416ae83394d0e0b8390260b9d51903eb2187f9763dba947901a589ec7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E11A035A902197DD720A7A6DD4AEFF6ABCEFE1B04F400529B811A30D1EFB08D04C6B0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 0016A012
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 0016A07D
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 0016A09D
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A0), ref: 0016A0B4
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 0016A0E3
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A1), ref: 0016A0F4
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 0016A120
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 0016A12E
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 0016A157
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000012), ref: 0016A165
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 0016A18E
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(0000005B), ref: 0016A19C
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 39e1ea86541693ab2f955185fa50b76417fc3c1cb91b54681a18ab621ad19f28
• Instruction ID: 5c0be94fd748fd649304f856ae788bd54e7a2598548c6c4295cbb80c64716bed
• Opcode Fuzzy Hash: 39e1ea86541693ab2f955185fa50b76417fc3c1cb91b54681a18ab621ad19f28
• Instruction Fuzzy Hash: 7F51DA219047882AFB35DB608C117EBBFF49F13380F48459DD5C2675C2DB64AA9CCB62
APIs
• GetDlgItem.USER32(?,00000001), ref: 00165CE2
• GetWindowRect.USER32(00000000,?), ref: 00165CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00165D59
• GetDlgItem.USER32(?,00000002), ref: 00165D69
• GetWindowRect.USER32(00000000,?), ref: 00165D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00165DCF
• GetDlgItem.USER32(?,000003E9), ref: 00165DDD
• GetWindowRect.USER32(00000000,?), ref: 00165DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00165E31
• GetDlgItem.USER32(?,000003EA), ref: 00165E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00165E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00165E67
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 0d2ea1ea0fc04608fe3a6721b28389024be473beafd49fe7715976715b4c26e3
• Instruction ID: 0000066e888faf373a8a9ffc20edc74427ce135ca4571f14fac113c808a8058c
• Opcode Fuzzy Hash: 0d2ea1ea0fc04608fe3a6721b28389024be473beafd49fe7715976715b4c26e3
• Instruction Fuzzy Hash: 69511071B00615AFDF18CFA8DD89AAEBBB6FB48300F548129F515E7690D7709E50CB60
APIs
  • Part of subcall function 00118F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00118BE8,?,00000000,?,?,?,?,00118BBA,00000000,?), ref: 00118FC5
• DestroyWindow.USER32(?), ref: 00118C81
• KillTimer.USER32(00000000,?,?,?,?,00118BBA,00000000,?), ref: 00118D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00156973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00118BBA,00000000,?), ref: 001569A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00118BBA,00000000,?), ref: 001569B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00118BBA,00000000), ref: 001569D4
• DeleteObject.GDI32(00000000), ref: 001569E6
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 002bb6a48db262c8e0bb2eceee95b2e59bef187f9002e09ddcd70708f1f0552e
• Instruction ID: 34472279ac03148ed9ba8dee7faeb8d0014b2392d2742b4b7c6e5a9368b893e9
• Opcode Fuzzy Hash: 002bb6a48db262c8e0bb2eceee95b2e59bef187f9002e09ddcd70708f1f0552e
• Instruction Fuzzy Hash: 87618C30502600EFCB299F18D958BA5B7F2FB5031AF54852EE4929B960CB31A8C5DBD0
APIs
  • Part of subcall function 00119944: GetWindowLongW.USER32(?,000000EB), ref: 00119952
• GetSysColor.USER32(0000000F), ref: 00119862
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: b72be6ca852094eaa6bc2ca43075320988dd99fd8cec349660e97ea4ef5d5b1f
• Instruction ID: 919a0862de99eb9455b5ee49b306fe2cd3ce7593534ab15b6d35d2199d18dbb3
• Opcode Fuzzy Hash: b72be6ca852094eaa6bc2ca43075320988dd99fd8cec349660e97ea4ef5d5b1f
• Instruction Fuzzy Hash: 6E41AD31104648EFDB285F389C99BF93BA5BB46721F144626F9B28B2E1D7309882DB51
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0014F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00169717
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,0014F7F8,00000001), ref: 00169720
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0014F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00169742
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,0014F7F8,00000001), ref: 00169745
                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00169866
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ea7bc80351a0b4a6b452d815104d35bfb79c5dfdc4745ff2eb79fbc3626a46a5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 07c4f294fc4585f9bdf9bc0e06104f7178472cc3ee07755bcdeb0abc0068bc27
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea7bc80351a0b4a6b452d815104d35bfb79c5dfdc4745ff2eb79fbc3626a46a5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E411A7290020DABCB08EBE0DE96EEE777CAF64340F500065B64576092EB756F59CBA1
APIs
  • Part of subcall function 00106B57: _wcslen.LIBCMT ref: 00106B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 001607A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 001607BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 001607DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00160804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0016082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00160837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0016083C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: f37ee3891f5c39e220d6e43f0393a34bd91ea5fa94396329137e1b2640fb4979
• Instruction ID: 140ef76f979546f4323a8cedd82560f533c193695daa5c9309b55374dbb6e2d9
• Opcode Fuzzy Hash: f37ee3891f5c39e220d6e43f0393a34bd91ea5fa94396329137e1b2640fb4979
• Instruction Fuzzy Hash: 8A412972D1022CABCF15EBA4DC95DEEB778FF18340F44412AE941A71A1EB709E54CBA0
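The "APIs" lists above (the LoadString/MessageBox error dialog and the IPC$ + RegConnectRegistry + CLSIDFromString lookup) are the part of a function record an analyst actually triages, so a small parser that turns them into an ordered call sequence, decodes the hex constants the sandbox leaves raw, and tags known call patterns is worth having. The following is an added example written for this page, not Joe Sandbox code and not part of the report. The sample text is copied from the two records above and embedded as a constructed input; the constant names (HKEY_LOCAL_MACHINE, KEY_READ, STM_GETIMAGE, the MB_* flags) are the documented Win32 values for those hex numbers; the pattern names and rules in RULES are the editor's own heuristics, not sandbox signatures.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample input: the "APIs" lists of two function records copied
# from the report above. Arguments the sandbox could not resolve stay "?".
SAMPLE = r"""
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001), ref: 00169717
• LoadStringW.USER32(00000000,?,0014F7F8,00000001), ref: 00169720
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00169866
APIs
  • Part of subcall function 00106B57: _wcslen.LIBCMT ref: 00106B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 001607A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 001607BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 001607DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00160804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0016082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00160837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0016083C
"""

# One bullet line: optional "Part of subcall function <addr>:" prefix, then
# API.MODULE, optional "(args)", and the "ref: <addr>" call site.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: int                    # call-site address from "ref:"
    caller: str | None = None   # set when the sandbox marks the call as part of a subcall


@dataclass
class FunctionRecord:
    calls: list[ApiCall] = field(default_factory=list)

    def api_sequence(self) -> list[str]:
        return [c.api for c in self.calls]


def parse_api_lists(text: str) -> list[FunctionRecord]:
    """Split report text into one FunctionRecord per 'APIs' heading."""
    records: list[FunctionRecord] = []
    for raw in text.splitlines():
        if raw.strip() == "APIs":
            records.append(FunctionRecord())
            continue
        m = LINE_RE.match(raw)
        if not m or not records:
            continue  # other headings (Strings, Memory Dump Source, ...) are ignored
        args = [a.strip() for a in m["args"].split(",")] if m["args"] is not None else []
        records[-1].calls.append(ApiCall(m["api"], m["module"], args, int(m["ref"], 16), m["caller"]))
    return records


# (API, zero-based argument index) -> {value: documented Win32 constant name}.
KNOWN_ARGS: dict[tuple[str, int], dict[int, str]] = {
    ("RegConnectRegistryW", 1): {0x80000002: "HKEY_LOCAL_MACHINE", 0x80000001: "HKEY_CURRENT_USER"},
    ("RegOpenKeyExW", 3): {0x20019: "KEY_READ", 0xF003F: "KEY_ALL_ACCESS"},
    ("MessageBoxW", 3): {0x11010: "MB_ICONERROR|MB_SYSTEMMODAL|MB_SETFOREGROUND"},
    ("SendMessageW", 1): {0x173: "STM_GETIMAGE"},
}


def decode_args(call: ApiCall) -> list[str]:
    """Replace hex arguments that have a known symbolic meaning for this API."""
    out = []
    for i, a in enumerate(call.args):
        names = KNOWN_ARGS.get((call.api, i))
        if names and re.fullmatch(r"[0-9A-Fa-f]+", a):
            out.append(names.get(int(a, 16), a))
        else:
            out.append(a)
    return out


def contains_in_order(seq: list[str], pattern: list[str]) -> bool:
    """True if every API in pattern appears in seq, in that order (gaps allowed)."""
    it = iter(seq)
    return all(any(x == p for x in it) for p in pattern)


# Editor-defined heuristics (assumption: not sandbox signatures), keyed by label.
RULES: dict[str, list[str]] = {
    "remote-registry CLSID lookup (IPC$ + RegConnectRegistry + CLSIDFromString)":
        ["WNetAddConnection2W", "RegConnectRegistryW", "RegOpenKeyExW", "CLSIDFromString"],
    "resource-string error dialog (LoadString + MessageBox)":
        ["LoadStringW", "MessageBoxW"],
    "layered-window colour-key transparency (GetPixel + SetLayeredWindowAttributes)":
        ["GetPixel", "GetWindowLongW", "SetLayeredWindowAttributes"],
}


def tag_record(rec: FunctionRecord) -> list[str]:
    seq = rec.api_sequence()
    return [label for label, pat in RULES.items() if contains_in_order(seq, pat)]


if __name__ == "__main__":
    for n, rec in enumerate(parse_api_lists(SAMPLE)):
        print(f"record {n}: {' -> '.join(rec.api_sequence())}")
        for c in rec.calls:
            print(f"  {c.api}.{c.module}({', '.join(decode_args(c))}) @ {c.ref:08X}")
        print("  tags:", tag_record(rec) or ["none"])
```

The order-sensitive subsequence check matters: WNetAddConnection2W before RegConnectRegistryW is what distinguishes "connect to a remote IPC$ share and then read its registry" from a function that merely happens to reference both APIs. When the report's own text is fed in, the large indentation and the "Download File" residue are harmless because every non-bullet line is skipped.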
APIs
• MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0019403B
• CreateCompatibleDC.GDI32(00000000), ref: 00194042
• SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00194055
• SelectObject.GDI32(00000000,00000000), ref: 0019405D
• GetPixel.GDI32(00000000,00000000,00000000), ref: 00194068
• DeleteDC.GDI32(00000000), ref: 00194072
• GetWindowLongW.USER32(?,000000EC), ref: 0019407C
• SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00194092
• DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0019409E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
• String ID: static
• API String ID: 2559357485-2160076837
• Opcode ID: 73f436f411102120062d8026a4d364049594b7a3f321c61c8ae88b28345d447c
• Instruction ID: 48d4ae225fbea35d1af131601693b6c035a380ee2aade478b0c48f44fe017f73
• Opcode Fuzzy Hash: 73f436f411102120062d8026a4d364049594b7a3f321c61c8ae88b28345d447c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3318C32101215BBDF219FA4CC09FDA3B69FF0D724F010211FA58E61A0C775D861DBA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00183C5C
                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00183C8A
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00183C94
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00183D2D
                                                                                                                                                                                                                                                                                                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 00183DB1
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 00183ED5
                                                                                                                                                                                                                                                                                                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00183F0E
                                                                                                                                                                                                                                                                                                                                                            • CoGetObject.OLE32(?,00000000,0019FB98,?), ref: 00183F2D
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 00183F40
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00183FC4
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00183FD8
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cce92a0bb11df625824b45644e5b6653c73574962f8e18ec15e275a159490642
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: be4d2880077d2684d9792434097a7adaf52a0488a18481d3012f6072a25167a9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cce92a0bb11df625824b45644e5b6653c73574962f8e18ec15e275a159490642
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ECC147716083019FD700EF68C88492BB7E9FF89B44F04491DF99A9B251DB70EE46CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00177AF3
                                                                                                                                                                                                                                                                                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00177B8F
                                                                                                                                                                                                                                                                                                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 00177BA3
                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(0019FD08,00000000,00000001,001C6E6C,?), ref: 00177BEF
                                                                                                                                                                                                                                                                                                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00177C74
                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?,?), ref: 00177CCC
                                                                                                                                                                                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00177D57
                                                                                                                                                                                                                                                                                                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00177D7A
                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00177D81
                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00177DD6
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00177DDC
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e1b3eed69271f94f6de839720753d206aefa90ab42ccde8abcd539cbc28df556
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 055656e1b579aa244f11e2450a982c73853b9b1e62cbdf4ff23149124643210e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1b3eed69271f94f6de839720753d206aefa90ab42ccde8abcd539cbc28df556
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0C10A75A04109AFDB14DFA4C884DAEBBF9FF48304F148499E859DB6A1D730EE85CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00195504
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00195515
                                                                                                                                                                                                                                                                                                                                                            • CharNextW.USER32(00000158), ref: 00195544
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00195585
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0019559B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 001955AC
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: 4524f05ecd818588ed8f4bbbfac7bc4638cf10079831c8f4570d5996006563a4
• Instruction ID: 280dfe713e0b9eafa39d5a8cc211e8a722257ddc89dad9bf2b22dc1605933655
• Opcode Fuzzy Hash: 4524f05ecd818588ed8f4bbbfac7bc4638cf10079831c8f4570d5996006563a4
• Instruction Fuzzy Hash: 67618C31900608AFEF169F94CC849FE7BBAFF09724F104146F965BB291D7709A80DBA1
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0015FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 0015FB08
• VariantInit.OLEAUT32(?), ref: 0015FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 0015FB3A
• VariantCopy.OLEAUT32(?,?), ref: 0015FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 0015FBA1
• VariantClear.OLEAUT32(?), ref: 0015FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 0015FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0015FBCC
• VariantClear.OLEAUT32(?), ref: 0015FBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0015FBE9
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 59dd4cb2b7fd9eebfb728e67933954cebf76f7459fb791dbfe8d761395082fe5
• Instruction ID: 941a28dc7634c56e6fb215ca87147d13e9ca63884f2d96549d74181705b46067
• Opcode Fuzzy Hash: 59dd4cb2b7fd9eebfb728e67933954cebf76f7459fb791dbfe8d761395082fe5
• Instruction Fuzzy Hash: 66416035A00219DFCF04DF68C8549EEBBB9FF18345F008069E955AB261CB30A946CFE1
APIs
• GetKeyboardState.USER32(?), ref: 00169CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00169D22
• GetKeyState.USER32(000000A0), ref: 00169D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00169D57
• GetKeyState.USER32(000000A1), ref: 00169D6C
• GetAsyncKeyState.USER32(00000011), ref: 00169D84
• GetKeyState.USER32(00000011), ref: 00169D96
• GetAsyncKeyState.USER32(00000012), ref: 00169DAE
• GetKeyState.USER32(00000012), ref: 00169DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00169DD8
• GetKeyState.USER32(0000005B), ref: 00169DEA
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 40440e7b20e0a0bef4ff9d3b3763332c8f7536aa69838efa67130edd71d07f78
• Instruction ID: ffcd4c99dc8a65b9cba3a039e3465ba963b737249e7bc61fceec81a786cbf6ef
• Opcode Fuzzy Hash: 40440e7b20e0a0bef4ff9d3b3763332c8f7536aa69838efa67130edd71d07f78
• Instruction Fuzzy Hash: A841CB346047CA6FFF3197A4CC043B5BEE86F11344F04806ADAC65A5C2DBB599E8C7A2
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 001805BC
• inet_addr.WSOCK32(?), ref: 0018061C
• gethostbyname.WSOCK32(?), ref: 00180628
• IcmpCreateFile.IPHLPAPI ref: 00180636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 001806C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 001806E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 001807B9
• WSACleanup.WSOCK32 ref: 001807BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                            • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 719c3a533b6a767989764e92846fb6a30fc968b67d8dc10fd6473dac9f53671b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 783b0e838d42c2529e212fb9219894a5edd8c84f566a8d0f55a2063bdc015dda
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 719c3a533b6a767989764e92846fb6a30fc968b67d8dc10fd6473dac9f53671b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC91B3356082419FD361EF15C888F16BBE0AF48318F1585A9F4A98B7A2C770FE85CF91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f34f7b4451a7d19bcd6546b8c1660a9cfb19a41a7e45458b20d0a70c895072ea
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ae6bbf9f6b5237f5da95333b63299f838b42e3f3ab24a139b35743bedfb6c80f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f34f7b4451a7d19bcd6546b8c1660a9cfb19a41a7e45458b20d0a70c895072ea
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE51B331A001169BCF14EFACC9509BEB7A5BF74324BA14229F466E72C5DB71DE40CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32 ref: 00183774
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 0018377F
                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,0019FB78,?), ref: 001837D9
                                                                                                                                                                                                                                                                                                                                                            • IIDFromString.OLE32(?,?), ref: 0018384C
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 001838E4
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00183936
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 88f163bf9f7520dfc3a033daa1c9f1d5775ed4c7cd56f9816cad5b50a22a9525
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c52ba0f7f074727bc759a2d3c7ac77ab68190dfb227e680125f4c6d086055128
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 88f163bf9f7520dfc3a033daa1c9f1d5775ed4c7cd56f9816cad5b50a22a9525
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D261AD70608301AFD311EF54C848F6AB7E8AF59B14F040919F9959B291D770EE89CF92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 001733CF
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 001733F0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: b353ba6fade0b82429adb22f34d4ee4d3fefaf0ce05d0cccd332bb171897d685
• Instruction ID: 38692ab36d4f8c02cf7e90d7a7d96120bafedec75f418f249948a9fe1c1ee854
• Opcode Fuzzy Hash: b353ba6fade0b82429adb22f34d4ee4d3fefaf0ce05d0cccd332bb171897d685
• Instruction Fuzzy Hash: 95518E72900209BADF18EBA0DD42EEEB778AF24340F104065F51572092EB716F98DB61
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
• Opcode ID: 256a6e4f7435424327da9728b471861686d6b5ab686db472e81939db5ff8e1a4
• Instruction ID: 96239ef7ac5fd5b7c481a07b6d5774833d1a910254fe7edba483f8fb6dc4cad5
• Opcode Fuzzy Hash: 256a6e4f7435424327da9728b471861686d6b5ab686db472e81939db5ff8e1a4
• Instruction Fuzzy Hash: 5141D632A091269BCB205F7DCDD05BE77A5AFB0758B254129E461DB284E731CDE1C790
APIs
• SetErrorMode.KERNEL32(00000001), ref: 001753A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00175416
• GetLastError.KERNEL32 ref: 00175420
• SetErrorMode.KERNEL32(00000000,READY), ref: 001754A7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: de72c8aa65ebc197fa30479267ff8c63195f86a71dec83b6e88f4253c01446f3
• Instruction ID: 9b5a2949d8c9c643870a5f8a981606e855b771aafaf19ec547d58f4fe96e577d
• Opcode Fuzzy Hash: de72c8aa65ebc197fa30479267ff8c63195f86a71dec83b6e88f4253c01446f3
• Instruction Fuzzy Hash: 0831A235A00504DFD710DF68C984FAA7BB5EF15305F14C06AE40ADB292EBB1ED82CBA1
APIs
• CreateMenu.USER32 ref: 00193C79
• SetMenu.USER32(?,00000000), ref: 00193C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00193D10
• IsMenu.USER32(?), ref: 00193D24
• CreatePopupMenu.USER32 ref: 00193D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00193D5B
• DrawMenuBar.USER32 ref: 00193D63
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: 12c02103deb98a26d28b10fc534b22543c51a26e4f41f76346c1f9a1138ffbbe
• Instruction ID: cfdb96a277dd2c0f9827f633a0abb1d992722f2ffbb2ff35f0a61b489c74daa9
• Opcode Fuzzy Hash: 12c02103deb98a26d28b10fc534b22543c51a26e4f41f76346c1f9a1138ffbbe
• Instruction Fuzzy Hash: 6F4169B9A01209AFDF14CFA4D894AEA7BF5FF49350F14002AF956A7360D730AA10CF90
APIs
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
  • Part of subcall function 00163CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00163CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00161F64
• GetDlgCtrlID.USER32 ref: 00161F6F
• GetParent.USER32 ref: 00161F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00161F8E
• GetDlgCtrlID.USER32(?), ref: 00161F97
• GetParent.USER32(?), ref: 00161FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00161FAE
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 59292679fd72a53a0a70a9892101eb5d3c8af43540c88e8c313028fe0aba218e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 027f83f04878cf37076bb5869af535b69fb0377678a30cc71d0c63895b0e1c0b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59292679fd72a53a0a70a9892101eb5d3c8af43540c88e8c313028fe0aba218e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E21D471D00214BBCF04AFA0DC95EEEBBB9EF25350F004156F9A1672E1CB755958DBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00163CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00163CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00162043
                                                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32 ref: 0016204E
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 0016206A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 0016206D
                                                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(?), ref: 00162076
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 0016208A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 0016208D
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3933fe22f8fbda3b065f2c737ec346e11dd89759de2c553e439883f087eb5e80
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 478e5d2086d0786137c6f5a4ce5632cab42e96b65493e261bd335a7b7e1fe759
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3933fe22f8fbda3b065f2c737ec346e11dd89759de2c553e439883f087eb5e80
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E521D4B5E00218BBDF14AFA0CC45EEEBBB8EF15340F004006F991A72A1CB759954DB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00193A9D
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00193AA0
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00193AC7
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00193AEA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00193B62
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00193BAC
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00193BC7
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00193BE2
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00193BF6
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00193C13
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: b440ae1e5bea8de6704b82b5bed773173bd94c9351c0076da6637cce18c4c5f7
• Instruction ID: c1852618278ce0b6071f241782f95630adc923c3abd4d430b54985b6028bd328
• Opcode Fuzzy Hash: b440ae1e5bea8de6704b82b5bed773173bd94c9351c0076da6637cce18c4c5f7
• Instruction Fuzzy Hash: 15615A75900248AFDB10DFA8CC81EEE77B8EF09714F10419AFA15A72A2D774AE85DB50
APIs
• GetCurrentThreadId.KERNEL32 ref: 0016B151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,0016A1E1,?,00000001), ref: 0016B165
• GetWindowThreadProcessId.USER32(00000000), ref: 0016B16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0016A1E1,?,00000001), ref: 0016B17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 0016B18D
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0016A1E1,?,00000001), ref: 0016B1A6
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0016A1E1,?,00000001), ref: 0016B1B8
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0016A1E1,?,00000001), ref: 0016B1FD
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0016A1E1,?,00000001), ref: 0016B212
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0016A1E1,?,00000001), ref: 0016B21D
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: 6a0612a73828bd4b64353d38ec974be191aab96207dc042a214e1ac61c7c99d4
• Instruction ID: 42dbff59ae838cff2bda22091dd854d639d329232079297aa154f68c96e7bfa1
• Opcode Fuzzy Hash: 6a0612a73828bd4b64353d38ec974be191aab96207dc042a214e1ac61c7c99d4
• Instruction Fuzzy Hash: 1031EF75506204BFDB109F24EC98B6EBBA9FB51312F10801AFA10D7690D7B4AEC08FA1
APIs
• _free.LIBCMT ref: 00132C94
  • Part of subcall function 001329C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0013D7D1,00000000,00000000,00000000,00000000,?,0013D7F8,00000000,00000007,00000000,?,0013DBF5,00000000), ref: 001329DE
  • Part of subcall function 001329C8: GetLastError.KERNEL32(00000000,?,0013D7D1,00000000,00000000,00000000,00000000,?,0013D7F8,00000000,00000007,00000000,?,0013DBF5,00000000,00000000), ref: 001329F0
• _free.LIBCMT ref: 00132CA0
• _free.LIBCMT ref: 00132CAB
• _free.LIBCMT ref: 00132CB6
• _free.LIBCMT ref: 00132CC1
• _free.LIBCMT ref: 00132CCC
• _free.LIBCMT ref: 00132CD7
• _free.LIBCMT ref: 00132CE2
• _free.LIBCMT ref: 00132CED
• _free.LIBCMT ref: 00132CFB
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 80609eadefa15841dc91ecbe30cb170863fbf97ab92e7dbf84745eed36dc874a
• Instruction ID: 88ea82aede7c6256d9a21415f08a7396b93a94acc202e8d055d9d7895b53d652
• Opcode Fuzzy Hash: 80609eadefa15841dc91ecbe30cb170863fbf97ab92e7dbf84745eed36dc874a
• Instruction Fuzzy Hash: FC119076100128AFCF02FF94E982DDD7BA9FF15354F8144A5FA489B222DB31EA509B90
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00177FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00177FC1
• GetFileAttributesW.KERNEL32(?), ref: 00177FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00178005
• SetCurrentDirectoryW.KERNEL32(?), ref: 00178017
• SetCurrentDirectoryW.KERNEL32(?), ref: 00178060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 001780B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: b6c5e7e1051b6040ea725788324bab2210fec63076ce4f58210d652e7ae16464
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2e851f7ca5f49a771e60eab2b66499cccc69cb1ce7cd345eb91af078b2b9cbbd
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6c5e7e1051b6040ea725788324bab2210fec63076ce4f58210d652e7ae16464
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5381B1725082019BDB24EF14C8449AEB3F9BF99314F148C5EF889C7290EB74DD89CB92
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00105C7A
  • Part of subcall function 00105D0A: GetClientRect.USER32(?,?), ref: 00105D30
  • Part of subcall function 00105D0A: GetWindowRect.USER32(?,?), ref: 00105D71
  • Part of subcall function 00105D0A: ScreenToClient.USER32(?,?), ref: 00105D99
• GetDC.USER32 ref: 001446F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00144708
• SelectObject.GDI32(00000000,00000000), ref: 00144716
• SelectObject.GDI32(00000000,00000000), ref: 0014472B
• ReleaseDC.USER32(?,00000000), ref: 00144733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 001447C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: 7146f35d92c1d3f589790c77c481f8bfb1b253599ae524a38428d9512ec7818c
• Instruction ID: 8bb5a8ca948930d60b9672a9514250b4c55431f394326a5155b60c30c24cf5cf
• Opcode Fuzzy Hash: 7146f35d92c1d3f589790c77c481f8bfb1b253599ae524a38428d9512ec7818c
• Instruction Fuzzy Hash: 8971FE31400205EFDF25CF64C984BBA7BB6FF4A365F14426AE9955A2B6C7309882DF60
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 001735E4
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
• LoadStringW.USER32(001D2390,?,00000FFF,?), ref: 0017360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
• Opcode ID: f299564b217cf678677cb996fe975817bed39565f0502949df93d017363a5e1b
• Instruction ID: d7f01f3f84fa8f05f56451b5a4983487ace972efa4adde9156374a31d7534722
• Opcode Fuzzy Hash: f299564b217cf678677cb996fe975817bed39565f0502949df93d017363a5e1b
• Instruction Fuzzy Hash: 97518E71900209BBDF18EBA0DC42EEEBB78BF24310F144125F115761A2EB706B99DFA1
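The "APIs" and "Memory Dump Source" entries above follow a fixed text shape: a bullet, an optional "Part of subcall function <addr>:" prefix, then "<Api>.<MODULE>(<args>), ref: <addr>", and a source line giving the dump name, its load offset and whether it is a PE image. Turning the copy-pasted report text into structured data makes it easy to rebase the "ref:" addresses for a disassembler and to pull an import-style summary per module. The block below is an added example written for this page, not code from Joe Sandbox; the sample text is constructed in the same shape as the entries above, and the decoding of the fifth dotted field of an .sdmp name as a Win32 PAGE_* protection value is an assumption about the naming scheme (the PAGE_* constants themselves are the documented Win32 values).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample in the shape of the report's "APIs" and "Memory Dump Source"
# entries (assembled for this demo, not copied from a specific report record).
SAMPLE = """\
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00105C7A
  • Part of subcall function 00105D0A: GetClientRect.USER32(?,?), ref: 00105D30
• GetDC.USER32 ref: 001446F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00144708
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 001447C4
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
"""

# One API entry: optional subcall prefix, Api.MODULE, optional (args), "ref: <hex>".
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# The "Source File" line: dump name, load offset, PE flag.
SRC_RE = re.compile(
    r"^\s*•\s*Source File:\s*(?P<dump>\S+?\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)"
)

# Documented Win32 memory-protection constants. Reading the fifth dotted field of a
# .sdmp name as one of these is an ASSUMPTION about Joe Sandbox's naming scheme.
PAGE_PROTECT = {
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]          # values as printed; may exceed the API's declared arity
    ref: int                 # virtual address of the call site
    caller: Optional[int]    # set for "Part of subcall function" lines


def parse_api_lines(text: str) -> List[ApiCall]:
    """Extract every API entry (top-level and subcall) from a report fragment."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        m = API_RE.match(line)
        if not m:
            continue
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        caller = int(m["caller"], 16) if m["caller"] else None
        calls.append(ApiCall(m["api"], m["module"], args, int(m["ref"], 16), caller))
    return calls


def parse_source(text: str) -> Optional[Tuple[str, int, bool]]:
    """Return (dump name, load offset, is_pe) from the first 'Source File' line."""
    for line in text.splitlines():
        m = SRC_RE.match(line)
        if m:
            return m["dump"], int(m["offset"], 16), m["pe"] == "true"
    return None


def rva(ref: int, base: int) -> int:
    """Convert a 'ref:' virtual address to an RVA against the dump's load base,
    which is what you need after rebasing the PE in IDA or Ghidra."""
    if ref < base:
        raise ValueError(f"ref {ref:#x} lies below base {base:#x}")
    return ref - base


def dump_protection(dump_name: str) -> str:
    """Decode the assumed protection field (5th dotted component) of an .sdmp name."""
    fields = dump_name.split(".")
    return PAGE_PROTECT.get(int(fields[4], 16), "UNKNOWN")


def import_summary(calls: List[ApiCall]) -> Dict[str, Set[str]]:
    """Group resolved API names by module, like a quick import table."""
    out: Dict[str, Set[str]] = {}
    for c in calls:
        out.setdefault(c.module, set()).add(c.api)
    return out


if __name__ == "__main__":
    calls = parse_api_lines(SAMPLE)
    src = parse_source(SAMPLE)
    base = src[1] if src else 0
    for c in calls:
        print(f"{c.module}!{c.api:<16} ref={c.ref:#010x} rva={rva(c.ref, base):#x}")
    if src:
        print("dump protection:", dump_protection(src[0]))
```

Note that the report prints whatever it captured on the stack, so the argument list can be longer than the API's declared parameter count (MoveWindow takes six arguments but ten values are shown above); the parser keeps them verbatim rather than guessing which are real.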
APIs
  • Part of subcall function 00119BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00119BB2
  • Part of subcall function 0011912D: GetCursorPos.USER32(?), ref: 00119141
  • Part of subcall function 0011912D: ScreenToClient.USER32(00000000,?), ref: 0011915E
  • Part of subcall function 0011912D: GetAsyncKeyState.USER32(00000001), ref: 00119183
  • Part of subcall function 0011912D: GetAsyncKeyState.USER32(00000002), ref: 0011919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00198B6B
• ImageList_EndDrag.COMCTL32 ref: 00198B71
• ReleaseCapture.USER32 ref: 00198B77
• SetWindowTextW.USER32(?,00000000), ref: 00198C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00198C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00198CFF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1a2e4e74c80536b71a80feb6eec3a570802e033463792207006602c121b302e0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 973f4b401c046a9c708da15658bf750a3811bb44f478112ea8de9a4e79915694
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a2e4e74c80536b71a80feb6eec3a570802e033463792207006602c121b302e0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF518D71105304AFDB04DF14D865FAA77E4FB99714F40062EF996672E2CB70A944CBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0017C272
                                                                                                                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0017C29A
                                                                                                                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0017C2CA
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0017C322
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 0017C336
                                                                                                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0017C341
                                                                                                                                                                                                                                                                                                                                                            Strings
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 6d0fb4e459d89875edf4f8676638a61a7fca1ff284f1cd1a1c47b6cadbb54fd1
• Instruction ID: bd178db3ab632abf36ca9a864c5ee834d784ae8d8e21f7861ffe03639a5fc581
• Opcode Fuzzy Hash: 6d0fb4e459d89875edf4f8676638a61a7fca1ff284f1cd1a1c47b6cadbb54fd1
• Instruction Fuzzy Hash: F63148B1600608AFDB219FA49C88AAB7BFCFB59744B14C51EF48A92601DB34DD449BE1
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00143AAF,?,?,Bad directive syntax error,0019CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 001698BC
• LoadStringW.USER32(00000000,?,00143AAF,?), ref: 001698C3
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00169987
Strings
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
• Opcode ID: dbce4126f4ea2a5f7e892e252794edb921329484786363ea5f4a332a016df8f8
• Instruction ID: 0347db0be0ec9656e080691280d47a7b54af44f997bc58557be5f7884277e4da
• Opcode Fuzzy Hash: dbce4126f4ea2a5f7e892e252794edb921329484786363ea5f4a332a016df8f8
• Instruction Fuzzy Hash: 38218B32C0021EABCF15AF90CC46EEE7739BF28304F04446AF555660A2EB71AA68DB51
APIs
• GetParent.USER32 ref: 001620AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 001620C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0016214D
Strings
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
• Opcode ID: bc3242c54c3ced09180076fca26b466175061e5f285c98cf8cb9e948ba73f43c
• Instruction ID: 18a8e75742d7adf6f7c13423b98bd7bea0e0e367b3fdc984cc2c51182d0b4227
• Opcode Fuzzy Hash: bc3242c54c3ced09180076fca26b466175061e5f285c98cf8cb9e948ba73f43c
• Instruction Fuzzy Hash: 871106B668CB16BAF7056220EC06EE6779DCB26724B21001AFB05A50D2EF71ACA25654
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 657ef0614b2b39898880df5c4a3a3c1958e2005bfd88d31631332702918376d0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 682218f6e894abf94f1547c4c4fbee3f92de1316017b85c790052b59dec957bb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 657ef0614b2b39898880df5c4a3a3c1958e2005bfd88d31631332702918376d0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2C1EF74A04349AFDF15EFA8D841BADBBB8AF1A310F1440A9F855A7392C7749942CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 712891bcf55ecc6530b88a0875111d973660fafcf5a15aa0fad079f3f93de9b9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b852f156555dc696b99b5a30a77803ce7c6d06a5e55caa6c924885ca0ff0b6a7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 712891bcf55ecc6530b88a0875111d973660fafcf5a15aa0fad079f3f93de9b9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 99614771905310AFDF26BFB4A881B6A7BAAEF1A314F04416EF944B7281D7369D41C7D0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00195186
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000000), ref: 001951C7
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000005,?,00000000), ref: 001951CD
                                                                                                                                                                                                                                                                                                                                                            • SetFocus.USER32(?,?,00000005,?,00000000), ref: 001951D1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00196FBA: DeleteObject.GDI32(00000000), ref: 00196FE6
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 0019520D
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0019521A
                                                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0019524D
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00195287
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00195296
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d4a7f375d6d6b5dabc11995edec1855208a21ed2a75595516caca5b4f5dbbfb1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bd74dff3f8cf483fe99cd4c843ad4b55a04c06f4de8576b2b9783e7f25e437ad
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d4a7f375d6d6b5dabc11995edec1855208a21ed2a75595516caca5b4f5dbbfb1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F651B130A41A08FFEF2A9F24CC49BD83B67FB05365F184022F625B62E1C375A980DB51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00156890
                                                                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 001568A9
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 001568B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 001568D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 001568F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00118874,00000000,00000000,00000000,000000FF,00000000), ref: 00156901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0015691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00118874,00000000,00000000,00000000,000000FF,00000000), ref: 0015692D
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
• Opcode ID: 279e142b4b18fa0675f9932994a60733ffd4aa6ca4d672bf800ee9860eed2eac
• Instruction ID: b8cc4ed2dad29866ba793f0b9361303e2b80261819c5c783503496fcbceda168
• Opcode Fuzzy Hash: 279e142b4b18fa0675f9932994a60733ffd4aa6ca4d672bf800ee9860eed2eac
• Instruction Fuzzy Hash: 62519A70A00209EFDB28CF24CC51FAA7BB5FF58755F104529F9569B2A0DB70E990DB90
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0017C182
• GetLastError.KERNEL32 ref: 0017C195
• SetEvent.KERNEL32(?), ref: 0017C1A9
  • Part of subcall function 0017C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0017C272
  • Part of subcall function 0017C253: GetLastError.KERNEL32 ref: 0017C322
  • Part of subcall function 0017C253: SetEvent.KERNEL32(?), ref: 0017C336
  • Part of subcall function 0017C253: InternetCloseHandle.WININET(00000000), ref: 0017C341
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: 4abac84fc7ed29d9ba8853bb08b28d539895a45b1b1416d844d6317c4bd44a6a
• Instruction ID: 76d09111d6f833fe7d25c5e70eeba3fdc51f84ba699f1a8bb0f536e47e1402b6
• Opcode Fuzzy Hash: 4abac84fc7ed29d9ba8853bb08b28d539895a45b1b1416d844d6317c4bd44a6a
• Instruction Fuzzy Hash: 5A319C71200601EFDB259FE5DC44A66BBF9FF28300B54842EF99A82A11DB30E954DBE0
APIs
  • Part of subcall function 00163A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00163A57
  • Part of subcall function 00163A3D: GetCurrentThreadId.KERNEL32 ref: 00163A5E
  • Part of subcall function 00163A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,001625B3), ref: 00163A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 001625BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 001625DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 001625DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 001625E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00162601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00162605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 0016260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00162623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00162627
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: a952608f6f8d85b352ad9dd063eec464b12bcccad02380f9f738fe1f822bda5f
• Instruction ID: c1d27499d9463e7f6c517ac4ba58e4373409c8756f89d123886a1ef06f9f0276
• Opcode Fuzzy Hash: a952608f6f8d85b352ad9dd063eec464b12bcccad02380f9f738fe1f822bda5f
• Instruction Fuzzy Hash: 7D01B530290610BBFB1067699C8AF993E59DF5AB52F100012F354AF1D1C9F11494DAA9
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00161449,?,?,00000000), ref: 0016180C
• HeapAlloc.KERNEL32(00000000,?,00161449,?,?,00000000), ref: 00161813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00161449,?,?,00000000), ref: 00161828
• GetCurrentProcess.KERNEL32(?,00000000,?,00161449,?,?,00000000), ref: 00161830
• DuplicateHandle.KERNEL32(00000000,?,00161449,?,?,00000000), ref: 00161833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00161449,?,?,00000000), ref: 00161843
• GetCurrentProcess.KERNEL32(00161449,00000000,?,00161449,?,?,00000000), ref: 0016184B
• DuplicateHandle.KERNEL32(00000000,?,00161449,?,?,00000000), ref: 0016184E
• CreateThread.KERNEL32(00000000,00000000,00161874,00000000,00000000,00000000), ref: 00161868
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5b829519e26d0f5cf12fbe559f699a811c5b81a33153beec805ee73efb39e6f2
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 57d102a4d79efa05cefc08349ef6892ffa8643a2d807809247321393d132f827
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b829519e26d0f5cf12fbe559f699a811c5b81a33153beec805ee73efb39e6f2
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B01BBB5240308FFE710ABA5DD4EF6B3BACEB89B11F404422FA45DB5A1CA709850CB74
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0016D501
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0016D50F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016D4DC: CloseHandle.KERNELBASE(00000000), ref: 0016D5DC
                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0018A16D
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0018A180
                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0018A1B3
                                                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 0018A268
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 0018A273
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0018A2C4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                            • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: be7890b1b84f6246d234d58da2d774e3e8c525c617ce8071490e584e24a68add
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7e88f574d38d625272408748cdb8d7f806df2db4f414770543bed702f30fafaa
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: be7890b1b84f6246d234d58da2d774e3e8c525c617ce8071490e584e24a68add
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B617E702042429FE724EF18C494F15BBA1AF54318F58849DE4A64BBA3C7B6ED45CFD2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00193925
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0019393A
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00193954
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00193999
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 001939C6
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 001939F4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 18ee96c3de5a5817dc3549c791dbc408aeb9036ba0345504f70b5d05805d0f04
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7d7b53c5405440fe830a1a0449212456b5638c2579a72890010b16d1481f6625
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 18ee96c3de5a5817dc3549c791dbc408aeb9036ba0345504f70b5d05805d0f04
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B419571A00219ABDF219F64CC49FEA77A9FF18354F100526F968E7281D7B19D94CB90
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0016BCFD
• IsMenu.USER32(00000000), ref: 0016BD1D
• CreatePopupMenu.USER32 ref: 0016BD53
• GetMenuItemCount.USER32(01165D80), ref: 0016BDA4
• InsertMenuItemW.USER32(01165D80,?,00000001,00000030), ref: 0016BDCC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 0016C913
Strings
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
APIs
Strings
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
APIs
  • Part of subcall function 00119BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00119BB2
• GetSystemMetrics.USER32(0000000F), ref: 00199FC7
• GetSystemMetrics.USER32(0000000F), ref: 00199FE7
• MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0019A224
• SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0019A242
• SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0019A263
• ShowWindow.USER32(00000003,00000000), ref: 0019A282
• InvalidateRect.USER32(?,00000000,00000001), ref: 0019A2A7
• DefDlgProcW.USER32(?,00000005,?,?), ref: 0019A2CA
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1211466189-0
APIs
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0015682C,00000004,00000000,00000000), ref: 0011F953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0015682C,00000004,00000000,00000000), ref: 0015F3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0015682C,00000004,00000000,00000000), ref: 0015F454
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
APIs
• DeleteObject.GDI32(00000000), ref: 00192D1B
• GetDC.USER32(00000000), ref: 00192D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00192D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00192D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00192D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00192D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00195A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00192DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00192DE1
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ca8489f20c1cc7093c8d5371a66caa38c98786946e14b83bbdf22d5aa80e9544
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 19431003d495aa70c52c93e9d729de17d5ab1adf0b78048763ff0b615fb885e9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca8489f20c1cc7093c8d5371a66caa38c98786946e14b83bbdf22d5aa80e9544
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8821C661A41A197BD718DA20EE82FFA335FBF303A4F444024FD05AA681F720ED31C1A5
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5d3d13e385f26c0e532ad5dd6b69f8a8d0c0d0fc33627fc03833daf31c4c784e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0a5f137a176fd1587cf73634739f301784cb67e2ea1ba12486b725fcfc5023d9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d3d13e385f26c0e532ad5dd6b69f8a8d0c0d0fc33627fc03833daf31c4c784e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27D1A375A0060A9FDF14DF98C885BAEB7B6FF48344F148069E915AB281D770DE45CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,001417FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 001415CE
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,001417FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00141651
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,001417FB,?,001417FB,00000000,00000000,?,00000000,?,?,?,?), ref: 001416E4
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,001417FB,00000000,00000000,?,00000000,?,?,?,?), ref: 001416FB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00133820: RtlAllocateHeap.NTDLL(00000000,?,001D1444,?,0011FDF5,?,?,0010A976,00000010,001D1440,001013FC,?,001013C6,?,00101129), ref: 00133852
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,001417FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00141777
                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 001417A2
                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 001417AE
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 09515a7b3a2895257691c286d1e2e6b5e1d04f4d0da987247a4a26c7bb57a546
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c8593308c599d181b566851046e64e1d3e02cefd0dda8f066c99aef54ff71d6b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09515a7b3a2895257691c286d1e2e6b5e1d04f4d0da987247a4a26c7bb57a546
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6991C472E00216BADF248EB4C881AEE7BB5AF49350F194669E905EB161D735DDC0CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: 5c6589ba353e2064a695511b84eb967a66f305e3d1c0a8af8654c19ed4b9f0a4
• Instruction ID: 241c6d65819183eaf2b3a2dfc891faa69bf9ff28f28818b69c267944bc10ebf8
• Opcode Fuzzy Hash: 5c6589ba353e2064a695511b84eb967a66f305e3d1c0a8af8654c19ed4b9f0a4
• Instruction Fuzzy Hash: 27918271A0021AAFDF24DFA5D844FAEBBB8EF56714F10855DF505AB280DB709A41CFA0

APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0017125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00171284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 001712A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 001712D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0017135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 001713C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00171430
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: a167538d5a6373f1f176d0fc739e8fa86fdfb2d1201376e353143cc003419924
• Instruction ID: bb385ab5cc363694ff5d94286fb7061cae73aeef1687af8a1884d7712de26fca
• Opcode Fuzzy Hash: a167538d5a6373f1f176d0fc739e8fa86fdfb2d1201376e353143cc003419924
• Instruction Fuzzy Hash: 38910671A00208BFDB05DFA8C884BFE77B5FF55315F258029E945EB292D774A981CB90

Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: d8525b2e9609d6da5e2eb8cbd68f7a7243e1f7b2d11a9e2b9e5d2f48c82bc19b
• Instruction ID: 92284a10277f4097ae0aa153af560db8edb0ad9a0a0718fcf25e4e000931c67a
• Opcode Fuzzy Hash: d8525b2e9609d6da5e2eb8cbd68f7a7243e1f7b2d11a9e2b9e5d2f48c82bc19b
• Instruction Fuzzy Hash: A4913A71D04219EFCB54CFA9CC84AEEBBB9FF49320F144156E925B7251D374A981CB60

APIs
• VariantInit.OLEAUT32(?), ref: 0018396B
• CharUpperBuffW.USER32(?,?), ref: 00183A7A
• _wcslen.LIBCMT ref: 00183A8A
• VariantClear.OLEAUT32(?), ref: 00183C1F
  • Part of subcall function 00170CDF: VariantInit.OLEAUT32(00000000), ref: 00170D1F
  • Part of subcall function 00170CDF: VariantCopy.OLEAUT32(?,?), ref: 00170D28
  • Part of subcall function 00170CDF: VariantClear.OLEAUT32(?), ref: 00170D34
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: 3d4b1188ae93503487305ba706c2fbf4200b337ac53a32e3f80609ef23dacbac
• Instruction ID: 313f26d2db4e3e74ebdc18f6a3c12dde062f8bf26e59f7a324d5094e01f17f5f
• Opcode Fuzzy Hash: 3d4b1188ae93503487305ba706c2fbf4200b337ac53a32e3f80609ef23dacbac
• Instruction Fuzzy Hash: 0F914775A083059FC704EF24C49096AB7E4BF99714F18882EF8999B391DB70EE45CF92

APIs
  • Part of subcall function 0016000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0015FF41,80070057,?,?,?,0016035E), ref: 0016002B
  • Part of subcall function 0016000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0015FF41,80070057,?,?), ref: 00160046
  • Part of subcall function 0016000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0015FF41,80070057,?,?), ref: 00160054
  • Part of subcall function 0016000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0015FF41,80070057,?), ref: 00160064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00184C51
• _wcslen.LIBCMT ref: 00184D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00184DCF
• CoTaskMemFree.OLE32(?), ref: 00184DDA
Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fbefa4edd78cab9e89b7c2d2b2c720bac74bc486321f0634b7a905b8c848249b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f7169dac7e55e7cc97ac1b4c84d09b9a0fcc6ccc9f1134cac1c759ec29d3cbc2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fbefa4edd78cab9e89b7c2d2b2c720bac74bc486321f0634b7a905b8c848249b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B913A71D0021DAFDF14EFA4DC90AEEB7B8BF18314F10816AE555A7291DB745A44CFA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetMenu.USER32(?), ref: 00192183
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00000000), ref: 001921B5
                                                                                                                                                                                                                                                                                                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 001921DD
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00192213
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,?), ref: 0019224D
                                                                                                                                                                                                                                                                                                                                                            • GetSubMenu.USER32(?,?), ref: 0019225B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00163A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00163A57
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00163A3D: GetCurrentThreadId.KERNEL32 ref: 00163A5E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00163A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,001625B3), ref: 00163A65
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 001922E3
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016E97B: Sleep.KERNEL32 ref: 0016E9F3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 662d510ab7265869b336c02717914cc7f1b46e40f073dfef9646b885e1fb5c10
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b503b4fad5867247ac6a1e2f3d5fdd10ff989fb3cc18d6e9cb178df654310f96
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 662d510ab7265869b336c02717914cc7f1b46e40f073dfef9646b885e1fb5c10
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2718C75E00205AFCF14EFA8C845AAEB7F5EF58310F158469E856EB381DB74EE418B90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(01165FD8), ref: 00197F37
                                                                                                                                                                                                                                                                                                                                                            • IsWindowEnabled.USER32(01165FD8), ref: 00197F43
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0019801E
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(01165FD8,000000B0,?,?), ref: 00198051
                                                                                                                                                                                                                                                                                                                                                            • IsDlgButtonChecked.USER32(?,?), ref: 00198089
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(01165FD8,000000EC), ref: 001980AB
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 001980C3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 62486f353b090f51b4212a664988e687c7605470871e2883ab4faa893e7ac4c5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 55d3ebf0c09b5817f3b85881e8a646c38f307c557d882bad648fb696bd09a7eb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62486f353b090f51b4212a664988e687c7605470871e2883ab4faa893e7ac4c5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE716F34609204AFEF259F54C894FFA7BB5FF1A300F14445AF955A72A1CB31AC85DB60
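The "APIs" listings above are easier to triage once the raw message and flag constants are decoded: the menu enumeration that ends in a PostMessageW of 0x111 (WM_COMMAND) to a window whose thread input has been attached, and the CoCreateInstanceEx call with CLSCTX 0x15, read as GUI automation and COM object creation rather than as opaque numbers. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses lines in the report's listing format, resolves only the Win32 constants the author is certain of (WM_COMMAND, WM_KEYDOWN/WM_KEYUP, the VK_SHIFT/VK_CONTROL/VK_MENU modifier keys, the CLSCTX_* bits) and leaves everything else as hex, then emits heuristic behaviour tags. The sample input is constructed in the report's format (it mirrors lines shown on this page) so the script runs offline; the tag names and the `Call` structure are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of the "APIs" listings in this report (embedded
# so the script runs offline; the lines mirror entries shown on the page).
SAMPLE = """\
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00184DCF
• GetMenu.USER32(?), ref: 00192183
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 001921DD
• _wcslen.LIBCMT ref: 00192213
  • Part of subcall function 00163A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,001625B3), ref: 00163A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 001922E3
• GetKeyboardState.USER32(?), ref: 0016AF0E
• SetKeyboardState.USER32(?), ref: 0016AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 0016AF9D
• PostMessageW.USER32(?,00000101,00000012,?), ref: 0016AFFD
"""

# One listing line: optional "Part of subcall function XXXX:" prefix, Api.Module,
# optional parenthesised argument list, then "ref: <address>".
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Only constants the author is certain of; anything else is printed as raw hex.
WINDOW_MESSAGES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP", 0x0111: "WM_COMMAND",
                   0x00A1: "WM_NCLBUTTONDOWN"}
VIRTUAL_KEYS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU"}
CLSCTX_FLAGS = {0x1: "CLSCTX_INPROC_SERVER", 0x2: "CLSCTX_INPROC_HANDLER",
                0x4: "CLSCTX_LOCAL_SERVER", 0x10: "CLSCTX_REMOTE_SERVER"}
MESSAGE_APIS = {"SendMessageA", "SendMessageW", "PostMessageA", "PostMessageW"}


@dataclass
class Call:
    api: str
    module: str
    args: List[Optional[int]]   # None where the report shows '?' (not resolved statically)
    ref: str
    subcall: Optional[str] = None


def parse_listing(text: str) -> List[Call]:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers such as "APIs" or "Memory Dump Source" are skipped
        raw = m.group("args")
        args = [] if not raw else [None if a == "?" else int(a, 16) for a in raw.split(",")]
        calls.append(Call(m.group("api"), m.group("mod"), args, m.group("ref"), m.group("sub")))
    return calls


def describe(call: Call) -> str:
    """Human-readable form of one call, decoding message IDs, virtual keys and CLSCTX bits."""
    a = call.args
    if call.api in MESSAGE_APIS and len(a) >= 2 and a[1] is not None:
        name = WINDOW_MESSAGES.get(a[1], f"0x{a[1]:04X}")
        text = f"{call.api}: {name}"
        if name in ("WM_KEYDOWN", "WM_KEYUP") and len(a) >= 3 and a[2] is not None:
            text += " wParam=" + VIRTUAL_KEYS.get(a[2], f"0x{a[2]:02X}")
        return text
    if call.api == "CoCreateInstanceEx" and len(a) >= 3 and a[2] is not None:
        flags = [n for bit, n in CLSCTX_FLAGS.items() if a[2] & bit] or [f"0x{a[2]:X}"]
        return "CoCreateInstanceEx: " + "|".join(flags)
    return f"{call.api}.{call.module}"


def summarize(calls: List[Call]) -> List[str]:
    """Heuristic triage tags: a tag means the pattern is present, not that it is malicious."""
    apis = {c.api for c in calls}
    tags = set()
    for c in calls:
        if c.api in MESSAGE_APIS and len(c.args) >= 2:
            if c.args[1] in (0x0100, 0x0101):
                tags.add("keystroke-injection")
            if c.args[1] == 0x0111:
                tags.add("wm-command-to-foreign-window")
    if {"GetKeyboardState", "SetKeyboardState"} <= apis:
        tags.add("keyboard-state-rewrite")
    if "AttachThreadInput" in apis:
        tags.add("attach-thread-input")
    if any(api.startswith("GetMenu") for api in apis) and "wm-command-to-foreign-window" in tags:
        tags.add("menu-automation")
    if "CoCreateInstanceEx" in apis:
        tags.add("com-object-creation")
    return sorted(tags)


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for c in parsed:
        via = f"  (via subcall {c.subcall})" if c.subcall else ""
        print(f"{c.ref}  {describe(c)}{via}")
    print("tags:", ", ".join(summarize(parsed)))
```

Arguments the report prints as `?` were not resolved by static analysis, so a decoder must tolerate them; the script keeps them as `None` and only decodes a constant when the value is actually present. The tags are deliberately coarse: posting WM_KEYUP for the three modifier keys after rewriting the keyboard state is exactly what a GUI-automation runtime does when it releases modifiers before sending text, so the tag is a pointer for the analyst, not a verdict.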
APIs
• GetParent.USER32(?), ref: 0016AEF9
• GetKeyboardState.USER32(?), ref: 0016AF0E
• SetKeyboardState.USER32(?), ref: 0016AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 0016AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 0016AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 0016AFFD
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0016B020
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 2029e53c0596507774ac0c39c75b0c95ae3fe700f850bd05d9d9cd1e3b2c5c8c
• Instruction ID: 2801fbac5b76404e96e3158e9374c3712070b3508aab79d34e7b799c1356a39a
• Instruction Fuzzy Hash: 7951B4A0A087D53DFB3642348C85BBA7EE95F06304F088589F1D5958C3D3E9ACE4DB52
APIs
• GetParent.USER32(00000000), ref: 0016AD19
• GetKeyboardState.USER32(?), ref: 0016AD2E
• SetKeyboardState.USER32(?), ref: 0016AD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0016ADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0016ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0016AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0016AE38
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 13e995ce9d19175d0d474adf4f7e99247b480319b7a5a77ef4a332511a79e883
• Instruction ID: 703d2abefb2e02232f1a68c80b19330866afd330dad06352b85534657b240187
• Instruction Fuzzy Hash: 635118A16087D13DFB3783748C95B7A7EE85F05300F488489E1D5668C3C395ECA4DB62
APIs
• GetConsoleCP.KERNEL32(00143CD6,?,?,?,?,?,?,?,?,00135BA3,?,?,00143CD6,?,?), ref: 00135470
• __fassign.LIBCMT ref: 001354EB
• __fassign.LIBCMT ref: 00135506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00143CD6,00000005,00000000,00000000), ref: 0013552C
• WriteFile.KERNEL32(?,00143CD6,00000000,00135BA3,00000000,?,?,?,?,?,?,?,?,?,00135BA3,?), ref: 0013554B
• WriteFile.KERNEL32(?,?,00000001,00135BA3,00000000,?,?,?,?,?,?,?,?,?,00135BA3,?), ref: 00135584
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 3d98498da1ca89579f75f6b84154f14247fb69d64ead90e803ebad19bd87b580
• Instruction ID: b11237b767543cb8eec630bc4bb02528efbc9b841842aa8f7b0946c60a25df66
• Instruction Fuzzy Hash: DE51D671A006499FDF11CFA8D845AEEBBFAEF09700F14452AF955E7291E730EA41CB60
APIs
• _ValidateLocalCookies.LIBCMT ref: 00122D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00122D53
• _ValidateLocalCookies.LIBCMT ref: 00122DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00122E0C
• _ValidateLocalCookies.LIBCMT ref: 00122E61
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3940e0aad8fde618086df72acacccf387fd95cbb9cbb98d441a45b6abea4fd47
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a9894a80d10f01c3c889255aafbf6c3b56267797612c0b6d8487ded2d75f8291
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3940e0aad8fde618086df72acacccf387fd95cbb9cbb98d441a45b6abea4fd47
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3741D334E00228BBCF10DFA8E845AAEBBB5BF55324F148155F8146B352D735DA65CBD0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0018307A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018304E: _wcslen.LIBCMT ref: 0018309B
                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00181112
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00181121
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 001811C9
                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 001811F9
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8f0326ec64f7058fb05f81e2e29e15abc3c30408c4e9f1a5c07f119f1e819f7a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5ca007842990b2e34738ed9cf8b10368437cb3b1cf29eee390925fafd9ce62ed
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f0326ec64f7058fb05f81e2e29e15abc3c30408c4e9f1a5c07f119f1e819f7a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C41D432600204AFDB10AF64C888BA9B7EAEF45364F148159FD559B291C770AE82CFE1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0016CF22,?), ref: 0016DDFD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0016CF22,?), ref: 0016DE16
                                                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 0016CF45
                                                                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0016CF7F
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0016D005
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0016D01B
                                                                                                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?), ref: 0016D061
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c14dcb5607278c3d790fdbf501f7e56f802ce05a5f3225e8e9fa31fb2fbed194
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: eecc7ca67abb95200929e56e74d4e31027276fddaf6fdddadb7f2cc410c7609a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c14dcb5607278c3d790fdbf501f7e56f802ce05a5f3225e8e9fa31fb2fbed194
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A414671D452189FDF12EFA4DD81AEEB7F9AF18380F1000E6E545EB142EB74A698CB50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00192E1C
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00192E4F
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00192E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00192EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00192EE0
• GetWindowLongW.USER32(?,000000F0), ref: 00192EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00192F0B
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: 42011bf7ce76dda1a5c1ca2028849dd9bde6f235e7b1f79bea4f82f57f28c43a
• Instruction ID: c4af85da26e85c4066a13c0d6a21acac61d696de15736d7085bacfbf6a77258c
• Opcode Fuzzy Hash: 42011bf7ce76dda1a5c1ca2028849dd9bde6f235e7b1f79bea4f82f57f28c43a
• Instruction Fuzzy Hash: 3E310C35606240BFEF21CF18DCD4FA537A0EB9A724F1501A6F9408B2B2CB71A8809B90
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00167769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0016778F
• SysAllocString.OLEAUT32(00000000), ref: 00167792
• SysAllocString.OLEAUT32(?), ref: 001677B0
• SysFreeString.OLEAUT32(?), ref: 001677B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 001677DE
• SysAllocString.OLEAUT32(?), ref: 001677EC
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 3a2dfa9ccc5c6589198ca76f57ab496d9afb677b85c0822ac97757107778efc8
• Instruction ID: a47a880752848a039d6ad003d3f9396c6f30cebb1f9dfa66edbb63a391d9537f
• Opcode Fuzzy Hash: 3a2dfa9ccc5c6589198ca76f57ab496d9afb677b85c0822ac97757107778efc8
• Instruction Fuzzy Hash: 9221A176608219AFDF10EFACCD88CBB77ACEB097687048426FA15DB190D774DC8187A4
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00167842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00167868
• SysAllocString.OLEAUT32(00000000), ref: 0016786B
• SysAllocString.OLEAUT32 ref: 0016788C
• SysFreeString.OLEAUT32 ref: 00167895
• StringFromGUID2.OLE32(?,?,00000028), ref: 001678AF
• SysAllocString.OLEAUT32(?), ref: 001678BD
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 176ef61c5013653987ea3b65199795ad5c10c6552189388d961c760d9618c8a5
• Instruction ID: e16f1012d8c34736d5e8e43cf6f9c1b97e0a7df97719e8bcafc3b2a41f4bb587
• Opcode Fuzzy Hash: 176ef61c5013653987ea3b65199795ad5c10c6552189388d961c760d9618c8a5
• Instruction Fuzzy Hash: 03217F31608204AFDB14AFB8DC88DBA77ECEB097647108126F915CB2A1DB70DC91CBA4
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 001704F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0017052E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 073d3522349e68b161ab3b13d9e9b19854afc17a41e4edd49a170ffc7e2fb3d6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1856975b041202e57487845aa7d6cabdfa529d38fd8380d0fc123fd5a38cf558
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 073d3522349e68b161ab3b13d9e9b19854afc17a41e4edd49a170ffc7e2fb3d6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38217F75500305EFDB219F69DC44A9A7BB4BF59724F208A19F8A9D72E0D770D980CF60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 001705C6
                                                                                                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00170601
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 876b5d9b03c0ecf7c8e67cd1fe177187db7e73a4bfdb79d2990d8f382fdaf0ea
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d0c8de8b2d1a87a8bab7f6aaa7cde374e86834d929d3585b9bd65f647ec1b1ef
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 876b5d9b03c0ecf7c8e67cd1fe177187db7e73a4bfdb79d2990d8f382fdaf0ea
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1021B275500305DFDB219F69CC54A9A77F4BF99720F208B1AF8A5E72E0E77099A0CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0010600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0010604C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0010600E: GetStockObject.GDI32(00000011), ref: 00106060
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0010600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0010606A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00194112
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0019411F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0019412A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00194139
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00194145
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 32d153198464f1d9a82324547482f899baeb5a573fcd50dac15206679abfa49a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8ce0b3574e51e83cca49cdec6a924a8ee407f80eed56fb2da779ddd30fda752f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 32d153198464f1d9a82324547482f899baeb5a573fcd50dac15206679abfa49a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9611B2B2140219BFEF119F64CC86EE77F5DEF18798F014121BA18A2190C772DC61DBA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0013D7A3: _free.LIBCMT ref: 0013D7CC
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013D82D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001329C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0013D7D1,00000000,00000000,00000000,00000000,?,0013D7F8,00000000,00000007,00000000,?,0013DBF5,00000000), ref: 001329DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001329C8: GetLastError.KERNEL32(00000000,?,0013D7D1,00000000,00000000,00000000,00000000,?,0013D7F8,00000000,00000007,00000000,?,0013DBF5,00000000,00000000), ref: 001329F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013D838
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013D843
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013D897
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013D8A2
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013D8AD
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013D8B8
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0016DA74
• LoadStringW.USER32(00000000), ref: 0016DA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0016DA91
• LoadStringW.USER32(00000000), ref: 0016DA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0016DADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 0016DAB9
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
APIs
• InterlockedExchange.KERNEL32(0115DA48,0115DA48), ref: 0017097B
• EnterCriticalSection.KERNEL32(0115DA28,00000000), ref: 0017098D
• TerminateThread.KERNEL32(?,000001F6), ref: 0017099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 001709A9
• CloseHandle.KERNEL32(?), ref: 001709B8
• InterlockedExchange.KERNEL32(0115DA48,000001F6), ref: 001709C8
• LeaveCriticalSection.KERNEL32(0115DA28), ref: 001709CF
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00181DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00181DE1
• WSAGetLastError.WSOCK32 ref: 00181DF2
• htons.WSOCK32(?,?,?,?,?), ref: 00181EDB
• inet_ntoa.WSOCK32(?), ref: 00181E8C
  • Part of subcall function 001639E8: _strlen.LIBCMT ref: 001639F2
  • Part of subcall function 00183224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0017EC0C), ref: 00183240
• _strlen.LIBCMT ref: 00181F35
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7fe948e18065ad314a0aaa075462c8e9534df1fa3ee6c2f8e2f796ee31fba405
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b58a06823eba4f5887835ae7634f4a013ecac7fdceda1544064db05566a45e28
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7fe948e18065ad314a0aaa075462c8e9534df1fa3ee6c2f8e2f796ee31fba405
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CB1E332204300AFC324EF24C895E2A77E9AF94318F54855CF5965B2E2CB71EE86CF91
APIs
• GetClientRect.USER32(?,?), ref: 00105D30
• GetWindowRect.USER32(?,?), ref: 00105D71
• ScreenToClient.USER32(?,?), ref: 00105D99
• GetClientRect.USER32(?,?), ref: 00105ED7
• GetWindowRect.USER32(?,?), ref: 00105EF8
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
• Opcode ID: a7be8e095020bfb8f759c6970a6b1c516ab28a1cdbf62847010fb9907e9cfcfa
• Instruction ID: 840f9d56dc2568697957361bf54d06911969704e579a5b73cc636a963ec3de49
• Opcode Fuzzy Hash: a7be8e095020bfb8f759c6970a6b1c516ab28a1cdbf62847010fb9907e9cfcfa
• Instruction Fuzzy Hash: 31B15835A00A4ADBDB14CFA9C4807EAB7F2FF58310F14841AE8E9D7290DB74AA51DF54
APIs
• __allrem.LIBCMT ref: 001300BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001300D6
• __allrem.LIBCMT ref: 001300ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0013010B
• __allrem.LIBCMT ref: 00130122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00130140
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
• Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction ID: 3e32641871fbda82d5f01280cb73f2de3ed26d9b779f791eca22c57314f144cc
• Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction Fuzzy Hash: 13815672A00B16ABE725AF28CC92B6B73F8AF55764F24423EF550D7281E770D9418B90
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,001282D9,001282D9,?,?,?,0013644F,00000001,00000001,8BE85006), ref: 00136258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0013644F,00000001,00000001,8BE85006,?,?,?), ref: 001362DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 001363D8
• __freea.LIBCMT ref: 001363E5
  • Part of subcall function 00133820: RtlAllocateHeap.NTDLL(00000000,?,001D1444,?,0011FDF5,?,?,0010A976,00000010,001D1440,001013FC,?,001013C6,?,00101129), ref: 00133852
• __freea.LIBCMT ref: 001363EE
• __freea.LIBCMT ref: 00136413
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: 3d3bb9b11847bead48970aad0bdfa76524998896d621782289804b18d7b0bb9a
• Instruction ID: 55defddc265c5f101bfdf6852d85e662b12279400b842955816b4c50da920588
• Opcode Fuzzy Hash: 3d3bb9b11847bead48970aad0bdfa76524998896d621782289804b18d7b0bb9a
• Instruction Fuzzy Hash: C451D072A00216BBEB258F64CC81EBF7BA9EF54750F158629FC09D7140EB34DC80C6A0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0018B6AE,?,?), ref: 0018C9B5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018C998: _wcslen.LIBCMT ref: 0018C9F1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018C998: _wcslen.LIBCMT ref: 0018CA68
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018C998: _wcslen.LIBCMT ref: 0018CA9E
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0018BCCA
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0018BD25
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0018BD6A
                                                                                                                                                                                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0018BD99
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0018BDF3
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0018BDFF
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 627371c089ddbbbdf760cdba9030ce0375aaf01cdcf3673549c5f2bbefd9be69
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bb2b52c660eefb73ecaf71c1e0c7c56ae3f7b1ec73f56ea783f9b0a2ac6a92b7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 627371c089ddbbbdf760cdba9030ce0375aaf01cdcf3673549c5f2bbefd9be69
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85817B30208241AFD714EF64C891E6ABBE5BF84308F14855DF4994B2A2DB31EE45CF92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000035), ref: 0015F7B9
                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000001), ref: 0015F860
                                                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(0015FA64,00000000), ref: 0015F889
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(0015FA64), ref: 0015F8AD
                                                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(0015FA64,00000000), ref: 0015F8B1
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0015F8BB
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: 6b1e2247164dc184bdd2941d333232e75bb0da5a99016af5c0aa031ad47b9e5a
• Instruction ID: 42be20c14a69f13b682d366c0b5664edfd48090bca7669474992c6bf8d0593be
• Opcode Fuzzy Hash: 6b1e2247164dc184bdd2941d333232e75bb0da5a99016af5c0aa031ad47b9e5a
• Instruction Fuzzy Hash: 1751E531600300FACF14AB65D895B29B3A8EF55316B24846FFC55DF291DBB08C8AC796
APIs
  • Part of subcall function 00107620: _wcslen.LIBCMT ref: 00107625
  • Part of subcall function 00106B57: _wcslen.LIBCMT ref: 00106B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 001794E5
• _wcslen.LIBCMT ref: 00179506
• _wcslen.LIBCMT ref: 0017952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00179585
Strings
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: 87092a822520259cd68282c7984346ab5166b559bead2fb3e613eb25d68dca68
• Instruction ID: 64818b621d64f071861cba6ea8c6dd50d19a23e20ca76e5d2753217ccfd46ade
• Opcode Fuzzy Hash: 87092a822520259cd68282c7984346ab5166b559bead2fb3e613eb25d68dca68
• Instruction Fuzzy Hash: DCE1B3316083508FD724DF24C881A6AB7F4FF99314F14896DF8899B2A2DB71ED45CB92
APIs
  • Part of subcall function 00119BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00119BB2
• BeginPaint.USER32(?,?,?), ref: 00119241
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 001192A5
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 001192C2
                                                                                                                                                                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 001192D3
                                                                                                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00119321
                                                                                                                                                                                                                                                                                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 001571EA
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00119339: BeginPath.GDI32(00000000), ref: 00119357
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c29073a596ff3679d1e46bfe1b53ccf4bdcb982dd9da0cae573a3bf997ff04ff
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 618996ed8e19320e50ea405f1284b6f49a9c151f1005902644f5243af1cc0eb6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c29073a596ff3679d1e46bfe1b53ccf4bdcb982dd9da0cae573a3bf997ff04ff
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0441BE70109200EFD714DF64DCA5FBA7BB8FB55325F04062AF9A48B2E1C7309885DBA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 0017080C
                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00170847
                                                                                                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00170863
                                                                                                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 001708DC
                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 001708F3
                                                                                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00170921
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5aac6e943c17ce5a0539609772514681c28753370c5c2337441953ad24d9cb14
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3f1e62a3168df0ce9860d220aa30f88368bc206b90c212188b7a2e03f611e504
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5aac6e943c17ce5a0539609772514681c28753370c5c2337441953ad24d9cb14
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7414971A00205EFDF159F54DC85AAA77B8FF08310F1580B9ED049A29BD730EEA5DBA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0015F3AB,00000000,?,?,00000000,?,0015682C,00000004,00000000,00000000), ref: 0019824C
                                                                                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,00000000), ref: 00198272
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 001982D1
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000004), ref: 001982E5
                                                                                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,00000001), ref: 0019830B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0019832F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2c2d4578f7c4721b5934405b7f92ecbb61eae9b7069306c76fea9eefa643e176
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bdb6487ef08191b3d81662cdd145627cd5fdafe0f8508dc293ebd341f41bef70
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c2d4578f7c4721b5934405b7f92ecbb61eae9b7069306c76fea9eefa643e176
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3416234602644BFDF25CF25D899BE47BF1FB4B714F1852AAE5484B6A3CB31A881CB50
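A small triage helper, added here as an example and not part of the Joe Sandbox report or its plugin: it parses "APIs" records in the shape this page renders them, names the SendMessageW message constants that appear in the records around this point (WM_GETTEXT 0x0D, WM_GETTEXTLENGTH 0x0E, TCM_SETCURSEL 0x130C, which is TCM_FIRST 0x1300 + 12), and flags the read-window-title, case-fold, substring-search chain (IsWindowVisible, WM_GETTEXTLENGTH, WM_GETTEXT, _wcslen, CharUpperBuffW, _wcsstr) that is the API-level shape of a case-insensitive "window title contains X" check. The sample records are the two on this page, re-typed as a constructed string; the function names, data class and heuristic are the example's own, not Joe Sandbox API.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: two "APIs" records copied in the shape Joe Sandbox
# renders them on this page, not a live report feed.
SAMPLE_RECORDS = """\
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0015F3AB,00000000,?,?,00000000,?,0015682C,00000004,00000000,00000000), ref: 0019824C
• EnableWindow.USER32(?,00000000), ref: 00198272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 001982D1
• ShowWindow.USER32(?,00000004), ref: 001982E5
• EnableWindow.USER32(?,00000001), ref: 0019830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0019832F
APIs
• IsWindowVisible.USER32(?), ref: 00164C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00164CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00164CEA
• _wcslen.LIBCMT ref: 00164D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00164D10
• _wcsstr.LIBVCRUNTIME ref: 00164D1A
"""


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]    # hex arguments decoded; "?" (not recoverable) -> None
    ref: int                     # call-site address from the "ref:" field
    subcall_of: Optional[str]    # parent function when listed as "Part of subcall"


# One bullet line: optional "Part of subcall function X:", Api.MODULE, optional
# (args), then "ref: ADDR".  CRT entries such as "_wcslen.LIBCMT ref: ..." have
# neither an argument list nor the comma before "ref".
_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def _arg(tok: str) -> Optional[int]:
    try:
        return int(tok.strip(), 16)
    except ValueError:
        return None          # "?" = value not statically recoverable


def parse_records(text: str) -> List[List[ApiCall]]:
    """Split the text at each 'APIs' header and parse the bullets under it."""
    records: List[List[ApiCall]] = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            records.append([])
            continue
        m = _LINE.match(line)
        if not m or not records:
            continue
        args = [_arg(a) for a in m["args"].split(",")] if m["args"] else []
        records[-1].append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16), m["sub"]))
    return records


# Message constants seen in the records on this page (values from winuser.h /
# commctrl.h; TCM_SETCURSEL = TCM_FIRST 0x1300 + 12).
WINDOW_MESSAGES = {
    0x000D: "WM_GETTEXT",
    0x000E: "WM_GETTEXTLENGTH",
    0x130C: "TCM_SETCURSEL",
}


def decode_message(call: ApiCall) -> Optional[str]:
    """Name the message in a SendMessageW(hwnd, msg, wParam, lParam) call."""
    if call.api != "SendMessageW" or len(call.args) < 2 or call.args[1] is None:
        return None
    return WINDOW_MESSAGES.get(call.args[1], "0x%04X" % call.args[1])


def window_title_match_chain(calls: List[ApiCall]) -> Optional[str]:
    """Flag WM_GETTEXTLENGTH then WM_GETTEXT, plus a case fold and a substring
    search: a case-insensitive 'window title contains X' check.  The heuristic
    is this example's own; returns a short reason or None."""
    msgs = [decode_message(c) for c in calls if c.api == "SendMessageW"]
    reads_text = ("WM_GETTEXTLENGTH" in msgs and "WM_GETTEXT" in msgs
                  and msgs.index("WM_GETTEXTLENGTH") < msgs.index("WM_GETTEXT"))
    folds = any(c.api in ("CharUpperBuffW", "CharLowerBuffW") for c in calls)
    searches = any(c.api in ("_wcsstr", "wcsstr", "_strstr", "strstr") for c in calls)
    if reads_text and folds and searches:
        first = next(c for c in calls if c.api == "SendMessageW")
        return "window title read and searched case-insensitively (ref 0x%X)" % first.ref
    return None


if __name__ == "__main__":
    for rec in parse_records(SAMPLE_RECORDS):
        print([decode_message(c) or c.api for c in rec], "->", window_title_match_chain(rec))
```

Run stand-alone it prints the decoded call list of each record and the verdict; only the second record (the IsWindowVisible / WM_GETTEXT / CharUpperBuffW / _wcsstr one) is flagged, while the first decodes its SendMessageW as TCM_SETCURSEL, i.e. ordinary tab-control GUI plumbing. Extending WINDOW_MESSAGES is the intended way to cover further records.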
APIs
• IsWindowVisible.USER32(?), ref: 00164C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00164CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00164CEA
• _wcslen.LIBCMT ref: 00164D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00164D10
• _wcsstr.LIBVCRUNTIME ref: 00164D1A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1e13370201104fe3b45b9c6c687469486bbdbb430fdb9f18ccd9cdfa06110633
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 00a80386b2030ca10908364a7425d25dc2cd62248c7cea44ea9dd3cb695b45f3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e13370201104fe3b45b9c6c687469486bbdbb430fdb9f18ccd9cdfa06110633
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13213832605200BBEB195B79EC09EBF7BACDF65750F11803EF805CA291EB61CC91D2A0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00103AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00103A97,?,?,00102E7F,?,?,?,00000000), ref: 00103AC2
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0017587B
                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00175995
                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(0019FCF8,00000000,00000001,0019FB68,?), ref: 001759AE
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 001759CC
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 81d04a3a17e448e6232d03ae439e5ad2852d9758fdb0bf003bc506ce2b60bcad
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c2975e7aa14ec8fffaa798db954b4c7b4c33f891244fb7006e81e18600e252f9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 81d04a3a17e448e6232d03ae439e5ad2852d9758fdb0bf003bc506ce2b60bcad
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65D143716087019FC714DF24C480A2ABBF6EF99714F14885DF8899B3A1DBB1EC45CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00160FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00160FCA
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00160FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00160FD6
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00160FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00160FE5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00160FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00160FEC
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00160FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00161002
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000000,00161335), ref: 001617AE
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 001617BA
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 001617C1
                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 001617DA
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00161335), ref: 001617EE
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 001617F5
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e2bb80738af8c6820c65f0bfdd7ad6260c403a638db120a096e6aeda4f403ca4
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4b6f772365fc7c443f8244db46b93c54463c187cc6e8a3d64e9d028842ab5325
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e2bb80738af8c6820c65f0bfdd7ad6260c403a638db120a096e6aeda4f403ca4
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4311BF32600205FFDB149FA4CC49FAF7BB9EF46355F184429F981A7210D736AA94CBA0
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 001614FF
• OpenProcessToken.ADVAPI32(00000000), ref: 00161506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00161515
• CloseHandle.KERNEL32(00000004), ref: 00161520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0016154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00161563
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
APIs
• GetLastError.KERNEL32(?,?,00123379,00122FE5), ref: 00123390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0012339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 001233B7
• SetLastError.KERNEL32(00000000,?,00123379,00122FE5), ref: 00123409
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
APIs
• GetLastError.KERNEL32(?,?,00135686,00143CD6,?,00000000,?,00135B6A,?,?,?,?,?,0012E6D1,?,001C8A48), ref: 00132D78
• _free.LIBCMT ref: 00132DAB
• _free.LIBCMT ref: 00132DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,0012E6D1,?,001C8A48,00000010,00104F4A,?,?,00000000,00143CD6), ref: 00132DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,0012E6D1,?,001C8A48,00000010,00104F4A,?,?,00000000,00143CD6), ref: 00132DEC
• _abort.LIBCMT ref: 00132DF2
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
APIs
  • Part of subcall function 00119639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00119693
  • Part of subcall function 00119639: SelectObject.GDI32(?,00000000), ref: 001196A2
  • Part of subcall function 00119639: BeginPath.GDI32(?), ref: 001196B9
  • Part of subcall function 00119639: SelectObject.GDI32(?,00000000), ref: 001196E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00198A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00198A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00198A70
• LineTo.GDI32(?,00000000,00000003), ref: 00198A80
• EndPath.GDI32(?), ref: 00198A90
• StrokePath.GDI32(?), ref: 00198AA0
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0b5f5171f7f6374e5997d26727257ceb667d3de8aabfd128b96ef78d25cd8aa8
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3f41d2563b322144706870ac209f6193a693413d50d766fe5bb9cf5c3a8dbf08
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b5f5171f7f6374e5997d26727257ceb667d3de8aabfd128b96ef78d25cd8aa8
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2111B7600010CFFDF129F90DC88EAA7F6DEB08354F048022FA599A5A1C771AD95DFA0
APIs
• GetDC.USER32(00000000), ref: 00165218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00165229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00165230
• ReleaseDC.USER32(00000000,00000000), ref: 00165238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 0016524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00165261
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: 6214159adb2e6d8ded859c920d66f3b3294efcdda8bd5f9eba6ea455b1b5bc93
• Instruction ID: eb48e789f44ac6ac49b968c0678c595b1135376c434820302d99e380f15161d2
• Opcode Fuzzy Hash: 6214159adb2e6d8ded859c920d66f3b3294efcdda8bd5f9eba6ea455b1b5bc93
• Instruction Fuzzy Hash: 5B014F75A00718FBEB109BA59C49A5EBFB9EB48751F044066FA44AB781D6709810CBA0
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00101BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00101BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00101C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00101C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00101C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00101C22
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: 402d20ea0158288869406f553bc8c7f9ae66c23e9a7ae413d6dea2c1cdf10da7
• Instruction ID: fb84176ac6bca13e35e7bdbb1887a5cd43b35494e0995bf78fe9f44bdef903e1
• Opcode Fuzzy Hash: 402d20ea0158288869406f553bc8c7f9ae66c23e9a7ae413d6dea2c1cdf10da7
• Instruction Fuzzy Hash: 2E016CB09027597DE3008F5A8C85B52FFA8FF19354F00411B915C47A41C7F5A864CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0016EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0016EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 0016EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0016EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0016EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0016EB75
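The six calls above are a graceful-close-then-kill routine: WM_CLOSE (0x10) is posted to the target window, sent again with SMTO_ABORTIFHUNG (0x2) and a 0x1F4 = 500 ms timeout, and if that does not do it the owning process is opened with PROCESS_ALL_ACCESS (0x1F0FFF) and terminated. This is the sequence AutoIt's WinKill() performs, which fits the report's "compiled AutoIt script" verdict. The Python below is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses API lines in the format printed in this report, decodes the numeric arguments against Windows SDK constants (WM_CLOSE, the SMTO_* flags, PROCESS_* access bits, VK_* codes), and flags the close-then-terminate chain so the same pattern can be matched in other reports. The sample input is copied from the lines above with the leading whitespace trimmed; all function and variable names are the example's own.

```python
"""Decode Joe Sandbox 'APIs' trace lines and flag a close-then-terminate chain."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the six API lines of the window-kill routine, copied from
# this report with the leading whitespace removed. "?" is an argument the
# static analyser could not resolve.
SAMPLE = """\
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0016EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0016EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 0016EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0016EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0016EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0016EB75
"""

LINE_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Windows SDK constants (winuser.h / winnt.h) used by the decoders below.
WM = {0x10: "WM_CLOSE", 0x12: "WM_QUIT"}
SMTO = {0x1: "SMTO_BLOCK", 0x2: "SMTO_ABORTIFHUNG", 0x8: "SMTO_NOTIMEOUTIFNOTHUNG"}
PROCESS_RIGHTS = {0x1: "PROCESS_TERMINATE", 0x8: "PROCESS_VM_OPERATION", 0x10: "PROCESS_VM_READ",
                  0x20: "PROCESS_VM_WRITE", 0x400: "PROCESS_QUERY_INFORMATION", 0x100000: "SYNCHRONIZE"}
PROCESS_ALL_ACCESS = 0x1F0FFF  # STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF, the value in this report
VK = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]  # None where the report printed '?'
    ref: int                   # address of the call site


def parse_arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    if tok in ("", "?"):
        return None
    # The report prints 32-bit values in hex; a leading '-' marks a negative literal.
    return -int(tok[1:], 16) if tok.startswith("-") else int(tok, 16)


def parse_trace(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # 'Memory Dump Source', hashes and other non-API lines
        raw = m["args"]
        args = [parse_arg(a) for a in raw.split(",")] if raw.strip() else []
        calls.append(ApiCall(m["api"], m["module"].upper(), args, int(m["ref"], 16)))
    return calls


def flag_names(value: int, table: dict) -> str:
    names = [name for bit, name in table.items() if value & bit]
    return "|".join(names) if names else hex(value)


def arg(call: ApiCall, i: int) -> Optional[int]:
    return call.args[i] if i < len(call.args) else None


def describe(call: ApiCall) -> str:
    """Render one call with its numeric arguments replaced by SDK names where known."""
    msg = arg(call, 1)
    if call.api in ("PostMessageW", "SendMessageW") and msg is not None:
        return f"{call.api} msg={WM.get(msg, hex(msg))}"
    if call.api == "SendMessageTimeoutW" and msg is not None:
        flags, timeout = arg(call, 4), arg(call, 5)
        return (f"SendMessageTimeoutW msg={WM.get(msg, hex(msg))} "
                f"flags={flag_names(flags or 0, SMTO)} timeout_ms={timeout}")
    if call.api == "OpenProcess" and arg(call, 0) is not None:
        access = arg(call, 0)
        full = (access & PROCESS_ALL_ACCESS) == PROCESS_ALL_ACCESS
        return f"OpenProcess access={'PROCESS_ALL_ACCESS' if full else flag_names(access, PROCESS_RIGHTS)}"
    if call.api == "MapVirtualKeyW" and arg(call, 0) is not None:
        return f"MapVirtualKeyW vk={VK.get(arg(call, 0), hex(arg(call, 0)))}"
    return call.api


def find_kill_chain(calls: List[ApiCall]) -> Optional[Tuple[int, int, int]]:
    """Return the call-site refs of (WM_CLOSE send, OpenProcess with PROCESS_TERMINATE,
    TerminateProcess) when they appear in that address order, else None."""
    close_ref = open_ref = None
    for c in sorted(calls, key=lambda c: c.ref):
        if c.api in ("PostMessageW", "SendMessageW", "SendMessageTimeoutW") and arg(c, 1) == 0x10:
            if close_ref is None:
                close_ref = c.ref
        elif c.api == "OpenProcess" and close_ref is not None and (arg(c, 0) or 0) & 0x1:
            open_ref = c.ref
        elif c.api == "TerminateProcess" and open_ref is not None:
            return (close_ref, open_ref, c.ref)
    return None


if __name__ == "__main__":
    calls = parse_trace(SAMPLE)
    for c in calls:
        print(f"{c.ref:08X}  {describe(c)}")
    print("close-then-terminate chain:", find_kill_chain(calls))
```

The chain check orders calls by their ref address rather than by listing order, because the report groups calls per function and the listing order is not guaranteed to be the execution order. Requiring a prior WM_CLOSE keeps the check from firing on an ordinary OpenProcess/TerminateProcess pair, which many legitimate programs contain; the combination with a window close request and a short timeout is what makes this routine look like a deliberate kill of another application's window.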
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 634fcdb0b34b757ea2dd7f4c37d915da3d7eb3acbb9da43c8262e538972f49ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 79d9f675efa417d8ba57e923bc701eddd2688cdd5a7f2ca8aaa96c71cbfe4ddf
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 634fcdb0b34b757ea2dd7f4c37d915da3d7eb3acbb9da43c8262e538972f49ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9FF05E72640158BBE7215B629C0EEEF3E7CEFCAB11F00016AF641D1591E7A05A41CAF9
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?), ref: 00157452
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00157469
                                                                                                                                                                                                                                                                                                                                                            • GetWindowDC.USER32(?), ref: 00157475
                                                                                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,?), ref: 00157484
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00157496
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000005), ref: 001574B0
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2966952aefe7cc1abe078d5ab8d69a4bc30680f4b33571dc68aa52bc9fffec41
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b9d8f49ef782bf36858b5bb6990169a5b371dfa2bc75a8314456f88966b6da63
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2966952aefe7cc1abe078d5ab8d69a4bc30680f4b33571dc68aa52bc9fffec41
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18018B31500205FFEB105FA4EC09BFABBB6FB04722F510061FD66A25A0CB311E81AB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0016187F
                                                                                                                                                                                                                                                                                                                                                            • UnloadUserProfile.USERENV(?,?), ref: 0016188B
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00161894
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0016189C
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 001618A5
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 001618AC
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a4d3a1a581358b704ab0ae9fb29215451e7219fbc3a9aea4608bf6ca18d6dd54
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c3d939490e71aa1e311b61d3fc36d88bfd9d0d0d3c57671dc0c9572be2f733bd
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a4d3a1a581358b704ab0ae9fb29215451e7219fbc3a9aea4608bf6ca18d6dd54
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 98E0E536004101FBDB015FA1EE0C90ABF39FF49B22B108222F26581870CB3294A0DFA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00107620: _wcslen.LIBCMT ref: 00107625
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0016C6EE
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0016C735
                                                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0016C79C
                                                                                                                                                                                                                                                                                                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0016C7CA
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 0018AEA3
  • Part of subcall function 00107620: _wcslen.LIBCMT ref: 00107625
• GetProcessId.KERNEL32(00000000), ref: 0018AF38
• CloseHandle.KERNEL32(00000000), ref: 0018AF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00167206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0016723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0016724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 001672CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00193E35
• IsMenu.USER32(?), ref: 00193E4A
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00193E92
• DrawMenuBar.USER32 ref: 00193EA5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
APIs
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
  • Part of subcall function 00163CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00163CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00161E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00161E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00161EA9
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00106B57: _wcslen.LIBCMT ref: 00106B6A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
• Opcode ID: da45a5f71480d33496a34199271a4ada0554a1d9c199118878510cacb99651de
• Instruction ID: 9395e061cc3fb20e3f253ca4603d8fb73453727e40bbf2ecd1a76594c90946e3
• Opcode Fuzzy Hash: da45a5f71480d33496a34199271a4ada0554a1d9c199118878510cacb99651de
• Instruction Fuzzy Hash: 7821AB72E00104BFDB08AB64DC45CFFBBB9DF61350F08402AF861A72E1DB758D5A9620
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00192F8D
• LoadLibraryW.KERNEL32(?), ref: 00192F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00192FA9
• DestroyWindow.USER32(?), ref: 00192FB1
Strings
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: 998429b8bbda803ad14d43566315d26533534d495a8221f637ddd654914e0210
• Instruction ID: d0621ea82f171868e8042641d20c7ce2aa9319e51fc30b899b340f087b2e5761
• Opcode Fuzzy Hash: 998429b8bbda803ad14d43566315d26533534d495a8221f637ddd654914e0210
• Instruction Fuzzy Hash: F221A972600209BBEF108FA4DC80EBB77B9EB69364F100629FA54D21A0D771DC919BA0
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00124D1E,001328E9,?,00124CBE,001328E9,001C88B8,0000000C,00124E15,001328E9,00000002), ref: 00124D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00124DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00124D1E,001328E9,?,00124CBE,001328E9,001C88B8,0000000C,00124E15,001328E9,00000002,00000000), ref: 00124DC3
Strings
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: b8f9a5aa5c4b50d63de71378eeb246a65a8eb043182a3b63e2c48f71f3e02a18
• Instruction ID: d91187b0c6e63257b56ba50781dec4f953930f426fe5f3ba560ec0fb285815d2
• Opcode Fuzzy Hash: b8f9a5aa5c4b50d63de71378eeb246a65a8eb043182a3b63e2c48f71f3e02a18
• Instruction Fuzzy Hash: C3F03C35A40218ABDB119B94EC49BEDBBA5EB58751F4001A9F849A2660DB309E90CAD4
APIs
• LoadLibraryA.KERNEL32 ref: 0015D3AD
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0015D3BF
• FreeLibrary.KERNEL32(00000000), ref: 0015D3E5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 145871493-2590602151
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00104EDD,?,001D1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00104E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00104EAE
• FreeLibrary.KERNEL32(00000000,?,?,00104EDD,?,001D1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00104EC0
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00143CDE,?,001D1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00104E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00104E74
• FreeLibrary.KERNEL32(00000000,?,?,00143CDE,?,001D1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00104E87
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00172C05
• DeleteFileW.KERNEL32(?), ref: 00172C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00172C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00172CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00172CC0
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3d4ea4e65345db29a9652cd3a3652e8102420b4a60cb900ece6ae5aa8449bfd7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7ba31b5f0a0f76422c48a8dec6ef19b085373ac01c93b3a1595861b67f5e4f7d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d4ea4e65345db29a9652cd3a3652e8102420b4a60cb900ece6ae5aa8449bfd7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44B15E71900129ABDF25DBA4CC85EDFB7BDEF59350F1080AAF509E7141EB309A858F61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 0018A427
                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0018A435
                                                                                                                                                                                                                                                                                                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0018A468
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0018A63D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1e143e8ec60fef6a52539cb80d9efd032a0631303cb22990b9bd83c90ac84de1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c4362dad9edf349656008a34564bb4eb48c6d96d7e5954df60c5cb44c0687f78
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e143e8ec60fef6a52539cb80d9efd032a0631303cb22990b9bd83c90ac84de1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAA1C4716043019FE720EF18D886F2AB7E1AF98714F54881DF5999B2D2DBB0ED418F92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,001A3700), ref: 0013BB91
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,001D121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0013BC09
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,001D1270,000000FF,?,0000003F,00000000,?), ref: 0013BC36
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013BB7F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001329C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0013D7D1,00000000,00000000,00000000,00000000,?,0013D7F8,00000000,00000007,00000000,?,0013DBF5,00000000), ref: 001329DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001329C8: GetLastError.KERNEL32(00000000,?,0013D7D1,00000000,00000000,00000000,00000000,?,0013D7F8,00000000,00000007,00000000,?,0013DBF5,00000000,00000000), ref: 001329F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0013BD4B
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1286116820-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 63133df76a3bc19a6523338277fd8c294faa249519b0853467788c85eb0e7164
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9d3ef46f455e52e1469425ead1d57a5f5aa5ae3b4711c33e489491a808b2c370
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63133df76a3bc19a6523338277fd8c294faa249519b0853467788c85eb0e7164
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE51C871908219FFCB24EFA59CC19AAB7B8FF54310F10026BE654E7291FB309E808790
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0016CF22,?), ref: 0016DDFD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0016CF22,?), ref: 0016DE16
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016E199: GetFileAttributesW.KERNEL32(?,0016CF95), ref: 0016E19A
                                                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 0016E473
                                                                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0016E4AC
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0016E5EB
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0016E603
                                                                                                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0016E650
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: fbfefd97daa3d412e9eb9bd21bc4ffe4f1195b2f6f04c7d4367bfd4cf1af2863
• Instruction ID: ea86dca1bb5b29cf51f4bc16ab026391c9a8b5cde305c52dd7b0e807e9a971e4
• Opcode Fuzzy Hash: fbfefd97daa3d412e9eb9bd21bc4ffe4f1195b2f6f04c7d4367bfd4cf1af2863
• Instruction Fuzzy Hash: 275194B24083849BC724EBA0DC919DF73ECAF94340F00491EF689D3191EF74A698C76A
APIs
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
  • Part of subcall function 0018C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0018B6AE,?,?), ref: 0018C9B5
  • Part of subcall function 0018C998: _wcslen.LIBCMT ref: 0018C9F1
  • Part of subcall function 0018C998: _wcslen.LIBCMT ref: 0018CA68
  • Part of subcall function 0018C998: _wcslen.LIBCMT ref: 0018CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0018BAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0018BB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0018BB63
• RegCloseKey.ADVAPI32(?,?), ref: 0018BBA6
• RegCloseKey.ADVAPI32(00000000), ref: 0018BBB3
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: fd50e6fa6d4aa3dae66ccde5788135f360199cee8c0635f15c2aaa39a9dcb54d
• Instruction ID: 47034c61785bb411bb6d0dad1c84c9b851aa6f4f8e0ef95fe525c65d5530bbcc
• Opcode Fuzzy Hash: fd50e6fa6d4aa3dae66ccde5788135f360199cee8c0635f15c2aaa39a9dcb54d
• Instruction Fuzzy Hash: A0613B31208241AFD718EF14C4D1E2ABBE5BF84308F54855DF4998B2A2DB71EE45CB92
APIs
• VariantInit.OLEAUT32(?), ref: 00168BCD
• VariantClear.OLEAUT32 ref: 00168C3E
• VariantClear.OLEAUT32 ref: 00168C9D
• VariantClear.OLEAUT32(?), ref: 00168D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00168D3B
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: c2484e36508102137d50bddde4847a65b609fde02e05ea5a8a3b899a12e73aa8
• Instruction ID: 76a323aee5fb3196969c65a1a6a6081f65d1c58e4908880ad861aa5b353dc80e
• Opcode Fuzzy Hash: c2484e36508102137d50bddde4847a65b609fde02e05ea5a8a3b899a12e73aa8
• Instruction Fuzzy Hash: C0516BB5A00219EFCB14CF68C894AAAB7F8FF89310B158559F945DB350E730E921CFA0
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00178BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00178BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00178C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00178C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00178C5F
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: 9dcbc4cd7fac3358aba3d79236de99e1e97e7f8c6cfff1d81e3567c2457ae89b
• Instruction ID: 5967196b0e1024340846b05b2338ed385be6b02465bde6716de5d71b2099aaf2
• Opcode Fuzzy Hash: 9dcbc4cd7fac3358aba3d79236de99e1e97e7f8c6cfff1d81e3567c2457ae89b
• Instruction Fuzzy Hash: 93515A35A002159FCB05DF64C885AAEBBF5FF48314F08C459E849AB3A2CB71ED81CB90
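The per-function API listings in this section (registry enumeration through RegConnectRegistryW, RegOpenKeyExW and RegEnumKeyExW; OLEAUT32 Variant handling; PrivateProfile INI reads and writes; LoadLibraryW plus GetProcAddress resolution) are the most useful triage data in the report but are tedious to read across thousands of function records. The script below is an added example and is not part of the Joe Sandbox report or its tooling: it parses lines in this report's `• Api.MODULE(args), ref: ADDR` format (including the `Part of subcall function ADDR:` prefix) into records and flags functions whose direct calls form chains a reviewer would look at first. The sample text is constructed from the lines shown in this section; the chain patterns and their labels are the example's own choices, not Joe Sandbox signatures.

```python
"""Parse Joe Sandbox per-function API listings and flag notable call chains.

Added example for triaging reports like this one; not Joe Sandbox code.
Line format handled: '• Api.MODULE(args), ref: ADDR', optionally prefixed
with 'Part of subcall function ADDR:' for calls made from a callee.
"""
import re

# Constructed sample: API lines copied from four function records of this
# report, delimited by the same 'APIs' / 'Memory Dump Source' headers.
SAMPLE = """\
APIs
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
  • Part of subcall function 0018C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0018B6AE,?,?), ref: 0018C9B5
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0018BAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0018BB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0018BB63
• RegCloseKey.ADVAPI32(?,?), ref: 0018BBA6
Memory Dump Source
APIs
• VariantInit.OLEAUT32(?), ref: 00168BCD
• VariantClear.OLEAUT32 ref: 00168C3E
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00168D3B
Memory Dump Source
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00178BAE
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00178C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00178C57
Memory Dump Source
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00188F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00188FD0
• FreeLibrary.KERNEL32(00000000), ref: 00189052
Memory Dump Source
"""

# One API line. The argument list and the trailing comma are optional because
# the report prints e.g. 'VariantClear.OLEAUT32 ref: 00168C3E' without them.
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_api_listing(text):
    """Return a list of functions, each a list of call records (dicts).

    A function record starts at an 'APIs' header and ends at the next
    'Memory Dump Source' header; lines that do not match API_LINE are skipped.
    """
    functions, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = []
            functions.append(current)
            continue
        if stripped == "Memory Dump Source":
            current = None
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if not m:
            continue
        args = m.group("args")
        current.append({
            "api": m.group("api"),
            "module": m.group("mod"),
            "args": args.split(",") if args else [],
            "ref": int(m.group("ref"), 16),
            # Address of the callee this call was observed in, or None if direct.
            "subcall": m.group("sub").upper() if m.group("sub") else None,
        })
    return functions


# Each pattern is a tuple of API sets; a function matches when its direct
# calls include at least one API from every set. Labels are this example's own.
CHAINS = {
    "dynamic API resolution (LoadLibrary + GetProcAddress)":
        ({"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW"}, {"GetProcAddress"}),
    "registry connect and key enumeration":
        ({"RegConnectRegistryW"}, {"RegEnumKeyExW", "RegEnumValueW"}),
    "INI section read and write":
        ({"GetPrivateProfileSectionW"}, {"WritePrivateProfileSectionW"}),
}


def flag_chains(functions, include_subcalls=False):
    """Return (function_index, label) pairs for every matching chain pattern."""
    hits = []
    for idx, calls in enumerate(functions):
        names = {c["api"] for c in calls
                 if include_subcalls or c["subcall"] is None}
        for label, api_sets in CHAINS.items():
            if all(names & s for s in api_sets):
                hits.append((idx, label))
    return hits


if __name__ == "__main__":
    funcs = parse_api_listing(SAMPLE)
    for idx, label in flag_chains(funcs):
        first = funcs[idx][0]["ref"]
        print(f"function #{idx} (first call ref {first:08X}): {label}")
```

Run against a whole exported report, the subcall flag matters: a `Part of subcall function` line is attributed to the callee, so counting it as the caller's own behaviour inflates hits; `include_subcalls=True` is there for the opposite question, "which functions reach this API at all".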
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00188F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00188FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00188FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00189032
• FreeLibrary.KERNEL32(00000000), ref: 00189052
  • Part of subcall function 0011F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00171043,?,7735E610), ref: 0011F6E6
  • Part of subcall function 0011F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0015FA64,00000000,00000000,?,?,00171043,?,7735E610,?,0015FA64), ref: 0011F70D
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0

APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00196C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 00196C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00196C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0017AB79,00000000,00000000), ref: 00196C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00196CC7
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0

APIs
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0

APIs
• GetCursorPos.USER32(?), ref: 00119141
• ScreenToClient.USER32(00000000,?), ref: 0011915E
• GetAsyncKeyState.USER32(00000001), ref: 00119183
• GetAsyncKeyState.USER32(00000002), ref: 0011919D
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4210589936-0
APIs
• GetInputState.USER32 ref: 001738CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 00173922
• TranslateMessage.USER32(?), ref: 0017394B
• DispatchMessageW.USER32(?), ref: 00173955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00173966
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0017C21E,00000000), ref: 0017CF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 0017CF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,0017C21E,00000000), ref: 0017CFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0017C21E,00000000), ref: 0017CFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0017C21E,00000000), ref: 0017CFF2
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
APIs
• GetWindowRect.USER32(?,?), ref: 00161915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 001619C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 001619C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 001619DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 001619E2
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00195745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 0019579D
• _wcslen.LIBCMT ref: 001957AF
• _wcslen.LIBCMT ref: 001957BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00195816
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
APIs
• IsWindow.USER32(00000000), ref: 00180951
• GetForegroundWindow.USER32 ref: 00180968
• GetDC.USER32(00000000), ref: 001809A4
• GetPixel.GDI32(00000000,?,00000003), ref: 001809B0
• ReleaseDC.USER32(00000000,00000003), ref: 001809E8
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0013CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0013CDE9
  • Part of subcall function 00133820: RtlAllocateHeap.NTDLL(00000000,?,001D1444,?,0011FDF5,?,?,0010A976,00000010,001D1440,001013FC,?,001013C6,?,00101129), ref: 00133852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0013CE0F
• _free.LIBCMT ref: 0013CE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0013CE31
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00119693
• SelectObject.GDI32(?,00000000), ref: 001196A2
• BeginPath.GDI32(?), ref: 001196B9
• SelectObject.GDI32(?,00000000), ref: 001196E2
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
APIs
• GetLastError.KERNEL32(?,?,?,0012F2DE,00133863,001D1444,?,0011FDF5,?,?,0010A976,00000010,001D1440,001013FC,?,001013C6), ref: 00132DFD
• _free.LIBCMT ref: 00132E32
• _free.LIBCMT ref: 00132E59
• SetLastError.KERNEL32(00000000,00101129), ref: 00132E66
• SetLastError.KERNEL32(00000000,00101129), ref: 00132E6F
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0015FF41,80070057,?,?,?,0016035E), ref: 0016002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0015FF41,80070057,?,?), ref: 00160046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0015FF41,80070057,?,?), ref: 00160054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0015FF41,80070057,?), ref: 00160064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0015FF41,80070057,?,?), ref: 00160070
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0016E997
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 0016E9A5
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 0016E9AD
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0016E9B7
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32 ref: 0016E9F3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 208257dbfcfa8dc930e85066f8aba041a8eb1b919ff492e601e77326925acd86
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: eef561912ecbe589521311deba55ddc6092b45595d66bfbc730f8ffcee395b99
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 208257dbfcfa8dc930e85066f8aba041a8eb1b919ff492e601e77326925acd86
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B5018C35C0162DDBCF00AFE8DC59AEDBBB8FF08704F010656E942B2240CB3095A0CBA5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00161114
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,00160B9B,?,?,?), ref: 00161120
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00160B9B,?,?,?), ref: 0016112F
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00160B9B,?,?,?), ref: 00161136
                                                                                                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0016114D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 09aa3b0879cb3f2e7113a972162385b852c481d3a3bff0115fb014094050cb60
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d66802a31623c42d90917bf86f1258c29d6e12dba87df0855e0254f83ac692d8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09aa3b0879cb3f2e7113a972162385b852c481d3a3bff0115fb014094050cb60
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3018179100205BFDB114FA4DC49E6A3F6EEF86360B544426FA81C3360DB31DC508AA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00160FCA
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00160FD6
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00160FE5
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00160FEC
                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00161002
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8c87458094c8e2230f2fac99724096d7dc594a7bb46886074d5bcc710bb493b4
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7a8f720a204cf4874c38ef8a8c40d454270e2d615dc22a82a656ede7f5f38c15
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c87458094c8e2230f2fac99724096d7dc594a7bb46886074d5bcc710bb493b4
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87F04939200301FBDB214FA49C49F5A3BADEF89762F644426FA85C6261CA70DC90CAB0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0016102A
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00161036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00161045
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0016104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00161062
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 68676591ee81aa8716ddcad6e37eabbee4adea28417e387df4efe631db94420b
• Instruction ID: 9329b27bf69bb11daa362ad6167c2f7df083a5e362ab111f7f7dc114afa2a71c
• Opcode Fuzzy Hash: 68676591ee81aa8716ddcad6e37eabbee4adea28417e387df4efe631db94420b
• Instruction Fuzzy Hash: 79F06239100311FBDB215FA4EC49F563B6DFF89761F240415F985C7260CB70D9908AB0
APIs
• CloseHandle.KERNEL32(?,?,?,?,0017017D,?,001732FC,?,00000001,00142592,?), ref: 00170324
• CloseHandle.KERNEL32(?,?,?,?,0017017D,?,001732FC,?,00000001,00142592,?), ref: 00170331
• CloseHandle.KERNEL32(?,?,?,?,0017017D,?,001732FC,?,00000001,00142592,?), ref: 0017033E
• CloseHandle.KERNEL32(?,?,?,?,0017017D,?,001732FC,?,00000001,00142592,?), ref: 0017034B
• CloseHandle.KERNEL32(?,?,?,?,0017017D,?,001732FC,?,00000001,00142592,?), ref: 00170358
• CloseHandle.KERNEL32(?,?,?,?,0017017D,?,001732FC,?,00000001,00142592,?), ref: 00170365
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: df73b691840f989c44b57530eee06c1c23c229c03986c23310a2ca65dfe79ce0
• Instruction ID: 44ea69446641afa6c2361a596c36ff62069f1cd93833c50e91f57ea09a94bde5
• Opcode Fuzzy Hash: df73b691840f989c44b57530eee06c1c23c229c03986c23310a2ca65dfe79ce0
• Instruction Fuzzy Hash: 68019C72800B15DFCB31AF66D880812FBF9BF643153158A3FD1AA52931C3B1A998CE80
APIs
• _free.LIBCMT ref: 0013D752
  • Part of subcall function 001329C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0013D7D1,00000000,00000000,00000000,00000000,?,0013D7F8,00000000,00000007,00000000,?,0013DBF5,00000000), ref: 001329DE
  • Part of subcall function 001329C8: GetLastError.KERNEL32(00000000,?,0013D7D1,00000000,00000000,00000000,00000000,?,0013D7F8,00000000,00000007,00000000,?,0013DBF5,00000000,00000000), ref: 001329F0
• _free.LIBCMT ref: 0013D764
• _free.LIBCMT ref: 0013D776
• _free.LIBCMT ref: 0013D788
• _free.LIBCMT ref: 0013D79A
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: fb40d32ae985d7b0e6cade275e3195ebe3ce549c2505abe1760ebe2919e2f1b0
• Instruction ID: 84dcc1192ca76c19d9218c70080fb0bdba584b5fecf45fadb7e46f5307b5c6f8
• Opcode Fuzzy Hash: fb40d32ae985d7b0e6cade275e3195ebe3ce549c2505abe1760ebe2919e2f1b0
• Instruction Fuzzy Hash: 17F01272544225ABCA21FB64F9C6D1A7BDEBB54718F950845F148D7901C730FC8087A4
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00165C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00165C6F
• MessageBeep.USER32(00000000), ref: 00165C87
• KillTimer.USER32(?,0000040A), ref: 00165CA3
• EndDialog.USER32(?,00000001), ref: 00165CBD
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: dbe5323a26977c3ef58ff840b140d092bfc011f1d2cc6aeff9a06621bed2fa0c
• Instruction ID: 9ee52d3c4d42844f28764698a17fea92321715813c1ec3e63781543d20f2c3e2
• Opcode Fuzzy Hash: dbe5323a26977c3ef58ff840b140d092bfc011f1d2cc6aeff9a06621bed2fa0c
• Instruction Fuzzy Hash: 90018130500B04AFEB245B10DD4EFA67BBDBB00B05F01055AA5C3A15E1DBF0A9948B90
APIs
• _free.LIBCMT ref: 001322BE
  • Part of subcall function 001329C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0013D7D1,00000000,00000000,00000000,00000000,?,0013D7F8,00000000,00000007,00000000,?,0013DBF5,00000000), ref: 001329DE
  • Part of subcall function 001329C8: GetLastError.KERNEL32(00000000,?,0013D7D1,00000000,00000000,00000000,00000000,?,0013D7F8,00000000,00000007,00000000,?,0013DBF5,00000000,00000000), ref: 001329F0
• _free.LIBCMT ref: 001322D0
• _free.LIBCMT ref: 001322E3
• _free.LIBCMT ref: 001322F4
• _free.LIBCMT ref: 00132305
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 38329dd02b1b6633db3dfc183e03762eb866e95d3ad1b497ca424d693f2c3af3
• Instruction ID: 60d820f99ee4a5fa21895ad3c8e864fb00afcdae742d16bc84bda0e707b42c13
• Opcode Fuzzy Hash: 38329dd02b1b6633db3dfc183e03762eb866e95d3ad1b497ca424d693f2c3af3
• Instruction Fuzzy Hash: 26F0B775803130ABCA12BF94BC01A493B65F728B65F25054BF414D7AB1C7314D92AFE4
APIs
• EndPath.GDI32(?), ref: 001195D4
• StrokeAndFillPath.GDI32(?,?,001571F7,00000000,?,?,?), ref: 001195F0
• SelectObject.GDI32(?,00000000), ref: 00119603
• DeleteObject.GDI32 ref: 00119616
• StrokePath.GDI32(?), ref: 00119631
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: a3b8c4b4d881387fc999908f7f765d1c2be173a07a3b617f51e7f8c76423e5bc
• Instruction ID: b60844387884227480730446e0d26d57e1f03d23b2d8d931c47d33ca70504407
• Opcode Fuzzy Hash: a3b8c4b4d881387fc999908f7f765d1c2be173a07a3b617f51e7f8c76423e5bc
• Instruction Fuzzy Hash: 32F0E735007308FBDB2A5F69ED2CBA83B65AB0132AF048226F4A5658F1C73089D5DF74
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: adcfe86e1575a3332828a900fa3a0522aefe987a6de603d56822d175ebfa1568
• Instruction ID: 1ea3fe5af70996071abcdfc3de5e72587710e63d2ef91f26dbd4f6154e9b18ef
• Opcode Fuzzy Hash: adcfe86e1575a3332828a900fa3a0522aefe987a6de603d56822d175ebfa1568
• Instruction Fuzzy Hash: 42D13531900206FBDB289F68C895BFFB7B1FF06320F294159E901ABA51D3759D80CB91
APIs
  • Part of subcall function 00120242: EnterCriticalSection.KERNEL32(001D070C,001D1884,?,?,0011198B,001D2518,?,?,?,001012F9,00000000), ref: 0012024D
  • Part of subcall function 00120242: LeaveCriticalSection.KERNEL32(001D070C,?,0011198B,001D2518,?,?,?,001012F9,00000000), ref: 0012028A
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
  • Part of subcall function 001200A3: __onexit.LIBCMT ref: 001200A9
                                                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00187BFB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001201F8: EnterCriticalSection.KERNEL32(001D070C,?,?,00118747,001D2514), ref: 00120202
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001201F8: LeaveCriticalSection.KERNEL32(001D070C,?,00118747,001D2514), ref: 00120235
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 535116098-3733170431
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 68e37278aebd0c85d35fb267857e73872df6b7305d3eae8000ee4ff1e3a4afcd
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2f852b257022c9b51218538665fce6005a5a9424f9659af952bfc408a50b2655
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 68e37278aebd0c85d35fb267857e73872df6b7305d3eae8000ee4ff1e3a4afcd
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E916870A04209EFCB04EF94D9919ADB7B2FF59300F248159F856AB292DB71EE41CF51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,001621D0,?,?,00000034,00000800,?,00000034), ref: 0016B42D
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00162760
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,001621FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0016B3F8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0016B355
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00162194,00000034,?,?,00001004,00000000,00000000), ref: 0016B365
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00162194,00000034,?,?,00001004,00000000,00000000), ref: 0016B37B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 001627CD
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0016281A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ce7a008c6d308a606afac6a8339c21acd85018a2fb8243eeb3092a09a8c3355f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6e4faab18237cd0aa59217ca742ffebe91727d08cb1f3459228194b17d412590
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce7a008c6d308a606afac6a8339c21acd85018a2fb8243eeb3092a09a8c3355f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 11411C72900218AFDB10DFA4CD86EEEBBB8AF19700F108055FA55B7181DB706E95CBA1
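The function record above combines, in one routine, OpenProcess with access mask 0x438, VirtualAllocEx, WriteProcessMemory, SendMessageW with tree-view messages and ReadProcessMemory. That is the call chain needed to query a tree-view or list-view control owned by another process: TVM_HITTEST and LVM_GETITEMTEXT take a pointer to a structure that must be valid in the control's own process, so the caller allocates a buffer there, writes the request, sends the message and reads the result back. AutoIt's ControlTreeView and ControlListView built-ins work this way, which fits the "compiled AutoIt script" verdict. The same four kernel32 calls are also a process-injection primitive, so what triage should check is the page protection of the remote allocation and what gets written. The Python helper below is an added example, not part of the Joe Sandbox report: it parses the record's API lines (copied into the script as constructed input) and decodes the constants. The function names and constant tables are this example's own; the access-right and message values come from the Windows SDK headers (winnt.h, commctrl.h).

```python
"""Triage helper (added example, not part of the Joe Sandbox report): parse
the API lines of one function record and decode the remote-memory call chain."""
import re

# Constructed input: the API lines of the report's function record, verbatim.
RECORD_APIS = """\
  • Part of subcall function 0016B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,001621D0,?,?,00000034,00000800,?,00000034), ref: 0016B42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00162760
  • Part of subcall function 0016B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,001621FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0016B3F8
  • Part of subcall function 0016B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0016B355
  • Part of subcall function 0016B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00162194,00000034,?,?,00001004,00000000,00000000), ref: 0016B365
  • Part of subcall function 0016B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00162194,00000034,?,?,00001004,00000000,00000000), ref: 0016B37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 001627CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0016281A
"""

# One report line: "<Api>.<Module>(<args>), ref: <hex address>"
LINE_RE = re.compile(r"(\w+)\.(\w+)\((.*?)\), ref: ([0-9A-F]{8})")

# PROCESS_* rights from winnt.h (subset sufficient to decode 0x438).
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE", 0x0400: "PROCESS_QUERY_INFORMATION",
}
# Tree-view (TV_FIRST 0x1100) and list-view (LVM_FIRST 0x1000) messages
# from commctrl.h that appear in this record.
WINDOW_MESSAGES = {
    0x1004: "LVM_GETITEMCOUNT", 0x1073: "LVM_GETITEMTEXTW",
    0x1104: "TVM_GETITEMRECT", 0x1111: "TVM_HITTEST",
}
MEM_FLAGS = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"}
PAGE_PROTECT = {0x04: "PAGE_READWRITE", 0x40: "PAGE_EXECUTE_READWRITE"}


def parse_api_lines(text):
    """Return (api, module, [args], ref) tuples; order is as listed, not runtime order."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            api, module, args, ref = m.groups()
            calls.append((api, module, args.split(","), int(ref, 16)))
    return calls


def decode_access_mask(mask):
    """Expand an OpenProcess desired-access mask into named rights."""
    names = [n for bit, n in PROCESS_RIGHTS.items() if mask & bit]
    unknown = mask & ~sum(PROCESS_RIGHTS)
    if unknown:
        names.append(f"0x{unknown:X}")
    return names


def decode_messages(calls):
    """Name the window message (second argument) of every SendMessageW call."""
    return [WINDOW_MESSAGES.get(int(a[1], 16), f"0x{int(a[1], 16):04X}")
            for api, _, a, _ in calls if api == "SendMessageW"]


def decode_alloc(calls):
    """Allocation type and protection requested from VirtualAllocEx (args 4 and 5)."""
    for api, _, a, _ in calls:
        if api == "VirtualAllocEx":
            return (MEM_FLAGS.get(int(a[3], 16), a[3]),
                    PAGE_PROTECT.get(int(a[4], 16), a[4]))
    return None


def classify(calls):
    """Coarse verdict on the remote-memory chain; order-independent on purpose."""
    seen = {api for api, *_ in calls}
    remote_rw = {"OpenProcess", "VirtualAllocEx",
                 "WriteProcessMemory", "ReadProcessMemory"}
    if not remote_rw <= seen:
        return "no remote memory access"
    alloc = decode_alloc(calls)
    if alloc and alloc[1] == "PAGE_EXECUTE_READWRITE":
        return "remote executable allocation: treat as code injection"
    if {"GetWindowThreadProcessId", "SendMessageW"} <= seen:
        return "cross-process control query: RW buffer passed to a window message"
    return "cross-process memory write"


if __name__ == "__main__":
    calls = parse_api_lines(RECORD_APIS)
    open_proc = next(c for c in calls if c[0] == "OpenProcess")
    print("OpenProcess rights:", decode_access_mask(int(open_proc[2][0], 16)))
    print("Messages:", decode_messages(calls))
    print("Allocation:", decode_alloc(calls))
    print("Verdict:", classify(calls))
```

The verdict is deliberately coarse: it separates the benign-looking RW buffer used by control-query code from an executable allocation, which is the case where the same chain is injection. A RW allocation does not prove benign intent, so confirm by checking what WriteProcessMemory actually copies (here the 0x34-byte sizes passed alongside the calls match the size of the structures these messages expect).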
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00131769
• _free.LIBCMT ref: 00131834
• _free.LIBCMT ref: 0013183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\file.exe
• API String ID: 2506810119-3587028468
• Opcode ID: 91b109ce1b92fd1414550c4cc25ee5f77769569f9ce373a3eb2b37fcc832e240
• Instruction ID: eaaaff77d58422217d36a5d9b315e7b1d965a55a29d78094539d96f3ac40c706
• Opcode Fuzzy Hash: 91b109ce1b92fd1414550c4cc25ee5f77769569f9ce373a3eb2b37fcc832e240
• Instruction Fuzzy Hash: 9F315D75A41218FBDB21DB999C85D9EBBFCEB95310F2441ABF804A7211D7708E81CBA4
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0016C306
• DeleteMenu.USER32(?,00000007,00000000), ref: 0016C34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,001D1990,01165D80), ref: 0016C395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1cc6a52ae676a958fbabb7a12e0b808f76759d6194c31128f1bcfd771aeaa5fe
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c2d444af4bef493a49678529c593ac4d389d665bd13a9cf7fc5daee3e77e570c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1cc6a52ae676a958fbabb7a12e0b808f76759d6194c31128f1bcfd771aeaa5fe
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9B418C312043019FD724DF29DC84B6ABBE8BB95320F148A1EF9A5973D1D770E914CBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0019CC08,00000000,?,?,?,?), ref: 001944AA
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32 ref: 001944C7
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 001944D7
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                            • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f788eff8a6ea5bc7f5ddd6325cbaecc1b0f08de88e42556a10ea2446e108d90f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f571a25d1f652c0054131d39182472bdd98403d3a6480cb6fa2b94135d11c0f7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f788eff8a6ea5bc7f5ddd6325cbaecc1b0f08de88e42556a10ea2446e108d90f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A317C31210205AFEF249E78DC45FEA7BA9EB08324F214725F979931D0D770EC919B90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0018335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00183077,?,?), ref: 00183378
                                                                                                                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0018307A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0018309B
                                                                                                                                                                                                                                                                                                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 00183106
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                            • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4eb1f09b6bd2c2aa413668ccc436dae03c604035e9ef6bb635e2188e3c769b05
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ba1dc93bb565d047b673d4ec93a76f359e00451e36a4c6420ff1fac711fc034b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4eb1f09b6bd2c2aa413668ccc436dae03c604035e9ef6bb635e2188e3c769b05
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0231E435604205DFCB10EF28C585EAA77E0EF54B18F298059E9268F792DB72EF41CB60
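The function traced above (WideCharToMultiByte, then inet_addr and htons, with the literal 255.255.255.255 referenced from the same routine) has the shape of a dotted-quad parser that works around a known inet_addr quirk: inet_addr returns INADDR_NONE (0xFFFFFFFF) both for a malformed string and for the valid broadcast address 255.255.255.255, so a caller that wants to reject bad input without rejecting the broadcast address must compare the text against that literal. The C below is an added example written for this page; it is not code recovered from the sample and not Joe Sandbox output, and reading the sample's function this way is an assumption drawn only from the API/string pairing in the trace. It uses the POSIX inet_addr/htons so it builds on Linux; the names parse_ipv4_naive, parse_ipv4 and build_endpoint are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

/* Added example, not code from the sample or from Joe Sandbox. Assumption:
 * the sample's function pairs inet_addr() with the literal "255.255.255.255"
 * because inet_addr() returns INADDR_NONE (0xFFFFFFFF) both for a malformed
 * string and for the valid broadcast address 255.255.255.255, so the input
 * text must be compared to tell the two cases apart. Names are hypothetical. */

/* Naive parser: treats INADDR_NONE as "invalid" and therefore wrongly rejects
 * the broadcast address. Kept only to contrast with parse_ipv4() below. */
int parse_ipv4_naive(const char *text, uint32_t *out)
{
    in_addr_t addr = inet_addr(text);
    if (addr == INADDR_NONE)
        return 0;
    *out = (uint32_t)addr;
    return 1;
}

/* Parser with the disambiguation check the API trace suggests. Returns 1 and
 * stores the address in network byte order, or 0 for a malformed string. */
int parse_ipv4(const char *text, uint32_t *out)
{
    in_addr_t addr = inet_addr(text);
    if (addr == INADDR_NONE && strcmp(text, "255.255.255.255") != 0)
        return 0;          /* genuinely unparsable input */
    *out = (uint32_t)addr; /* 0xFFFFFFFF here is the real broadcast address */
    return 1;
}

/* Builds a sockaddr_in from host text and a host-order port: the
 * inet_addr + htons combination the trace records. Returns 1 on success. */
int build_endpoint(const char *host, unsigned port, struct sockaddr_in *sa)
{
    uint32_t addr;
    if (port > 0xFFFF || !parse_ipv4(host, &addr))
        return 0;
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_port = htons((uint16_t)port);
    sa->sin_addr.s_addr = addr;
    return 1;
}
```

When triaging a sample, this pattern is worth recognising so that the 255.255.255.255 string is not mistaken for a hard-coded broadcast target: in a routine that also calls inet_addr it is usually the parser's own sentinel check, and the real endpoint comes from the caller's arguments.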
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00193F40
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00193F54
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00193F78
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 421f5760e8f9462d44298df6b8eed6004be9169c9ebb9ee27d0e327ab9f510ea
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 81e2c718dde2937d6b5fd28f6c8ba29fe155e9e0c6641e7280075bacc06b1542
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 421f5760e8f9462d44298df6b8eed6004be9169c9ebb9ee27d0e327ab9f510ea
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A9219C32600219BFDF258F90CC46FEA3B79EB48714F110215FA656B1D0D7B1A9908BA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00194705
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00194713
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0019471A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ae2e0ac9b5b2fd3fb89ef18de7b39de3be17c28506dcea190336edcf91a2068c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4f426dfd11633c730f276acb08838dd9771b4ca432ffee213175f9997a39be56
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae2e0ac9b5b2fd3fb89ef18de7b39de3be17c28506dcea190336edcf91a2068c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D215EB5601208BFDB14DF64DCD1DBB37ADEB5A398B040059FA009B291DB70EC52CA60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3b5f6c2c7d73d4af989328c2c4e823b05563d97ffe8350658561e7e6b5cfeb89
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 96d0db688aa8384387c6da4d248b91eadd48e87fc9f78a1d96a0612be0e08f08
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b5f6c2c7d73d4af989328c2c4e823b05563d97ffe8350658561e7e6b5cfeb89
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20216A7220462067D731AB28DC02FBB73DC9FA1300F15402AF94AD7081EBB1AD66C2D5
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00193840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00193850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00193876
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: 75b3cd6f3710517ebde57b79fff5e87c4becb4d1edc9280541c3aa8a69df9f72
• Instruction ID: d56973921b10131889f956e2d76e4833adf9a107537c7e4a5f6791bbac27227e
• Opcode Fuzzy Hash: 75b3cd6f3710517ebde57b79fff5e87c4becb4d1edc9280541c3aa8a69df9f72
• Instruction Fuzzy Hash: 4A21D172600218BBEF218F94CC85FBB376EEF89750F108124F9509B190C771EC528BA0
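The two records above (msctls_updown32 and Listbox) list SendMessageW with raw message numbers, which is hard to triage by eye across hundreds of such functions. Resolved against the Windows SDK constants, 0x469 is UDM_SETBUDDY, 0x465 is UDM_SETRANGE (lParam 80017FFF packs nUpper=32767 in the low word and nLower=-32767 in the high word), 0x180 is LB_ADDSTRING and 0x186 is LB_SETCURSEL: ordinary common-control setup, consistent with the compiled-AutoIt verdict in the signature list and not a malicious indicator on its own. The helper below is an added example written for this page (not Joe Sandbox or sample code); it parses the report's APIs lines, copied verbatim from the two records above, and decodes the messages. The line-format regex is an assumption about how the report prints these entries, and the message table covers only the constants that occur here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# Window-message constants from the Windows SDK (winuser.h / commctrl.h).
# Only the messages that occur in the two records above are tabled here.
WM_USER = 0x0400
MESSAGE_NAMES = {
    0x0180: "LB_ADDSTRING",          # Listbox: append a string
    0x0186: "LB_SETCURSEL",          # Listbox: select an item
    WM_USER + 101: "UDM_SETRANGE",   # Up-down control: set min/max
    WM_USER + 105: "UDM_SETBUDDY",   # Up-down control: attach buddy window
}

# Lines copied verbatim from the report's "APIs" lists above.
REPORT_LINES = [
    "SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00194705",
    "SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00194713",
    "DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0019471A",
    "SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00193840",
    "SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00193850",
    "MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00193876",
]

# Assumed shape of one report line: Func.MODULE(arg,arg,...), ref: HEXADDR
API_LINE = re.compile(
    r"^\s*[•*-]?\s*(?P<func>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

Arg = Union[int, str, None]   # hex constant, leftover stack string, or unresolved '?'

@dataclass
class ApiCall:
    func: str
    module: str
    args: List[Arg]
    ref: int   # address of the call site inside the dumped image

def parse_arg(tok: str) -> Arg:
    tok = tok.strip()
    if tok == "?":
        return None                       # value not recoverable statically
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):
        return int(tok, 16)               # 32-bit constant the plugin resolved
    return tok                            # e.g. a class name still on the stack

def parse_api_line(line: str) -> Optional[ApiCall]:
    m = API_LINE.match(line)
    if m is None:
        return None
    raw = m.group("args")
    args = [parse_arg(t) for t in raw.split(",")] if raw else []
    return ApiCall(m.group("func"), m.group("module"), args, int(m.group("ref"), 16))

def signed16(v: int) -> int:
    """Interpret the low 16 bits of v as a two's-complement value."""
    v &= 0xFFFF
    return v - 0x10000 if v & 0x8000 else v

def describe(call: ApiCall) -> str:
    """Name the Windows message behind a SendMessage call; other calls are
    returned by function name. UDM_SETRANGE packs nUpper in the LOWORD and
    nLower in the HIWORD of lParam, which is unpacked here."""
    if not call.func.startswith("SendMessage"):
        return call.func
    msg = call.args[1] if len(call.args) > 1 else None
    if not isinstance(msg, int):
        return "SendMessage(?)"
    name = MESSAGE_NAMES.get(msg, f"0x{msg:04X}")
    lparam = call.args[3] if len(call.args) > 3 else None
    if name == "UDM_SETRANGE" and isinstance(lparam, int):
        return f"{name}(upper={signed16(lparam)}, lower={signed16(lparam >> 16)})"
    return name

def decode_report(lines: List[str]) -> List[str]:
    """Decode every parseable line; unparseable lines are reported as such."""
    out = []
    for line in lines:
        call = parse_api_line(line)
        out.append(f"{call.ref:08X} {describe(call)}" if call else f"unparsed: {line}")
    return out

def only_known_control_messages(lines: List[str]) -> bool:
    """True when every SendMessage in the listing targets a documented
    listbox/up-down message, i.e. the function looks like plain control
    setup rather than something worth manual review."""
    calls = [c for c in map(parse_api_line, lines) if c]
    msgs = [c.args[1] for c in calls if c.func.startswith("SendMessage")]
    return bool(msgs) and all(isinstance(m, int) and m in MESSAGE_NAMES for m in msgs)

if __name__ == "__main__":
    for entry in decode_report(REPORT_LINES):
        print(entry)
    print("control-setup helper only:", only_known_control_messages(REPORT_LINES))
```

Unresolved arguments ("?") are kept as None rather than guessed, so a message sent to an unknown hWnd still decodes while an unknown message number is left as hex for the analyst to look up.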
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00174A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00174A5C
• SetErrorMode.KERNEL32(00000000,?,?,0019CC08), ref: 00174AD0
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: c25e3c6cd5379f55372aef6cae8d5788bb9fd7339e7105a64d99477fa0827e19
• Instruction ID: c79ef19e6f0577b7f4cc1ee096602a3a787dc36588f78ff5440794c599721de4
• Opcode Fuzzy Hash: c25e3c6cd5379f55372aef6cae8d5788bb9fd7339e7105a64d99477fa0827e19
• Instruction Fuzzy Hash: 99315175A00109AFDB10DF54C985EAA7BF8EF18308F1480A9F949DB292D771EE45CBA1
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0019424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00194264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00194271
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: 3e105ea0a2a39f9b778f27b435e1b9c2da00fa4b613b22e5cba681fc5b6e2bfb
• Instruction ID: 330b8ba88cf37670b9a33b9df280412f65b5f4780188b2cc6ed261dcaf2e3bd5
• Opcode Fuzzy Hash: 3e105ea0a2a39f9b778f27b435e1b9c2da00fa4b613b22e5cba681fc5b6e2bfb
• Instruction Fuzzy Hash: 1C11E332240208BFEF209F29DC06FAB3BACEF95B54F110524FA55E2190D3B1D8529B20
APIs
  • Part of subcall function 00106B57: _wcslen.LIBCMT ref: 00106B6A
  • Part of subcall function 00162DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00162DC5
  • Part of subcall function 00162DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00162DD6
  • Part of subcall function 00162DA7: GetCurrentThreadId.KERNEL32 ref: 00162DDD
  • Part of subcall function 00162DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00162DE4
• GetFocus.USER32 ref: 00162F78
  • Part of subcall function 00162DEE: GetParent.USER32(00000000), ref: 00162DF9
• GetClassNameW.USER32(?,?,00000100), ref: 00162FC3
• EnumChildWindows.USER32(?,0016303B), ref: 00162FEB
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: d3ab41ce2c0273b672b9b889a704cfc35139c5b9e711a841582c45b9e3b3cd8a
• Instruction ID: 3f1b099794524b5711cbbb5a6488327ff9f60e92975938c4045d67dce8b5d0a4
• Opcode Fuzzy Hash: d3ab41ce2c0273b672b9b889a704cfc35139c5b9e711a841582c45b9e3b3cd8a
• Instruction Fuzzy Hash: D2117FB57002056BDF14BFA4CC85EEE376AAFA4304F048079FD599B292DF7099598B60
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 001958C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 001958EE
• DrawMenuBar.USER32(?), ref: 001958FD
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 332345060bcad888b8c99664a4e2aea40085742440942cb939a4c334e956537e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0aaa0f203b61c58b0839d01aa89a49841e37c2fae1803db09876cab16d10abbc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 332345060bcad888b8c99664a4e2aea40085742440942cb939a4c334e956537e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 73016D31600218EFEF269F21DC44BEEBBB5FB45764F1180AAE849E6151DB308AC5DF61
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a340989a6bdd9ddf4346b4fbda0374121228f061c94343efecff520b739b7c4e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d6ab64c01b7d513000d7004a15796dbdab8a724acbc5876472118e8ef378ebbd
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a340989a6bdd9ddf4346b4fbda0374121228f061c94343efecff520b739b7c4e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E5C16C75A00206EFCB15CFA8CC94AAEB7B5FF48705F118598E505EB251D731EE91CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 04bcc829d0dd0c29abc8633f711076c222aa1b70c63c9b90350fb5e2bb2b55e7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ACA15872E007969FEB29CF28C8917AEBFE4EF61350F18416DE5959B281C338AD81C751
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cbb8595038fab025ff590f17f26a085b8179ee928baaa26b13849149659ab681
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 318c6cee3cbfea0b416b98447fbe6c892252536e0f4c70af55222c51c5dad3b4
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cbb8595038fab025ff590f17f26a085b8179ee928baaa26b13849149659ab681
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BBA13C756043009FC704EF28C885A6AB7E5FF98714F188859F9999B3A2DB70EE41CF91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0019FC08,?), ref: 001605F0
                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0019FC08,?), ref: 00160608
                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,00000000,0019CC40,000000FF,?,00000000,00000800,00000000,?,0019FC08,?), ref: 0016062D
                                                                                                                                                                                                                                                                                                                                                            • _memcmp.LIBVCRUNTIME ref: 0016064E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
• Opcode ID: 721859adb6930436e653f9787446ffe5247a02f1fefa91a7c1e04ec08c3dbd56
• Instruction ID: 9f03eac06fcf79b2bdc30c093aeb08ec87e4781369c74c4bf54a12f3ff06a8df
• Opcode Fuzzy Hash: 721859adb6930436e653f9787446ffe5247a02f1fefa91a7c1e04ec08c3dbd56
• Instruction Fuzzy Hash: 01810971A00209EFCB05DF94C988EEEB7B9FF89315F204558E506AB250DB71AE56CF60
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0018A6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 0018A6BA
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
• Process32NextW.KERNEL32(00000000,?), ref: 0018A79C
• CloseHandle.KERNEL32(00000000), ref: 0018A7AB
  • Part of subcall function 0011CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00143303,?), ref: 0011CE8A
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
• Opcode ID: de7e31ce4a6fe373505312219558121ac11947f76fa496892761d1056e02a756
• Instruction ID: c8fb8bbd876490b3c5d14214996014c6cbb7ebf8ec4fc90b66c83c6f3999a636
• Opcode Fuzzy Hash: de7e31ce4a6fe373505312219558121ac11947f76fa496892761d1056e02a756
• Instruction Fuzzy Hash: 0F516E715083019FD710EF24C886A6BBBE8FF99754F40892EF58597292EB70D944CF92
APIs
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 2ef7f3e0480781809c1a57a470c099a737aea17518fed5d01e5b2b27fc5da5bd
• Instruction ID: 01246b6d81727857856e70d491ce6ec9486707395e9ca46a5420e9323d34c9e0
• Opcode Fuzzy Hash: 2ef7f3e0480781809c1a57a470c099a737aea17518fed5d01e5b2b27fc5da5bd
• Instruction Fuzzy Hash: 2E413B31A40110BBDB257BB9AC466BE3AB5EF62370F190275F419D61E2E77488C15361
APIs
• GetWindowRect.USER32(?,?), ref: 001962E2
• ScreenToClient.USER32(?,?), ref: 00196315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00196382
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: 6567f8229facda46c14a42db4371dee4cb38ff6fcad7e5aef0d9ae1f460a69f0
• Instruction ID: 10b67df4b566d3dbe8e1e38acb3df8bd1be314583a54c65d9c952d32ed3888db
• Opcode Fuzzy Hash: 6567f8229facda46c14a42db4371dee4cb38ff6fcad7e5aef0d9ae1f460a69f0
• Instruction Fuzzy Hash: 6C515074A01209EFDF14DF68D8909AE7BB5FF55364F10815AF8599B290D730EE81CBA0
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00181AFD
• WSAGetLastError.WSOCK32 ref: 00181B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00181B8A
• WSAGetLastError.WSOCK32 ref: 00181B94
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 98ff97fb9532221cde317d8818a7a1462499871aed1f0b16cecbe7abd0369176
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: dc8c089a1ee4d74d513fbda21a8adc23dee272ad8609d5b7c7860cd942b7e154
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 98ff97fb9532221cde317d8818a7a1462499871aed1f0b16cecbe7abd0369176
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3410335600200AFE720AF24C886F6977E5AB48718F54805CF95A8F7D2D7B2ED82CB91
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 57c7a200350e681ca164bd58652e019cc96fc52dec38053efc860ec4089509eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9b2ddf759cae96bb5de437f1cb63793d5012d8f6f09fb64d769a42f2da2068b5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 57c7a200350e681ca164bd58652e019cc96fc52dec38053efc860ec4089509eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26412A76A04314BFD7249F38CC81B6ABBF9EF98720F10452EF246DB292E77199418780
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00175783
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 001757A9
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 001757CE
                                                                                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 001757FA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: bc46eea8484c1ab42fd68b7d08ee9ade1a0bcd62938e96199b6fe2785dbacb2f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: be25af372f9081a889872539104ccf99cf481aea28154e0d35c3211d2f9bffb0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc46eea8484c1ab42fd68b7d08ee9ade1a0bcd62938e96199b6fe2785dbacb2f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE411D39600610DFCB11DF55D544A5EBBF2EF99320B19C488E88AAB3A2CB74FD40CB91
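The raw "APIs" lists above are hard to read as printed: WinSock imports resolved by ordinal show up as "#21", and every argument is a bare hex literal. The following Python script is an added example, not part of the Joe Sandbox report, that parses such lines, resolves the WSOCK32 ordinal and the socket/setsockopt constants to their documented names, and flags the two call sequences from the socket and hard-link functions listed above. The sample input is constructed from those lines; the ordinal table and constant names are the documented WinSock values, and the pattern labels in `find_patterns` are this example's own triage heuristics.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the two "APIs" blocks from the report, copied as
# printed there (bullet, name.MODULE(args), and the "ref:" call-site address).
SAMPLE_REPORT = """\
• socket.WSOCK32(00000002,00000002,00000011), ref: 00181AFD
• WSAGetLastError.WSOCK32 ref: 00181B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00181B8A
• WSAGetLastError.WSOCK32 ref: 00181B94
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00175783
• GetLastError.KERNEL32(?,00000000), ref: 001757A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 001757CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 001757FA
"""

# Imports resolved by ordinal are printed as "#N". These are the documented
# WinSock 1.1 ordinals shared by WSOCK32.dll and WS2_32.dll (subset).
WSOCK32_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 7: "getsockopt",
    13: "listen", 16: "recv", 17: "recvfrom", 19: "send", 20: "sendto",
    21: "setsockopt", 22: "shutdown", 23: "socket",
}
AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
IPPROTO = {0: "IPPROTO_IP", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
SOL_SOCKET = 0xFFFF
SO_OPTS = {0x4: "SO_REUSEADDR", 0x8: "SO_KEEPALIVE", 0x20: "SO_BROADCAST",
           0x80: "SO_LINGER", 0x1001: "SO_SNDBUF", 0x1002: "SO_RCVBUF"}

# "name.MODULE(args), ref: ADDR"; the parenthesised args and the comma are
# absent for calls the tracer logged without arguments (WSAGetLastError).
LINE_RE = re.compile(
    r"^•\s*(?P<name>#?\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    name: str    # import name; ordinals resolved where the table knows them
    module: str
    args: list   # int for hex literals, None where the report printed "?"
    ref: int     # address of the call site


def parse_api_lines(text):
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an API line (headers, hashes, dump sources)
        name, module = m.group("name"), m.group("module").upper()
        if name.startswith("#") and module == "WSOCK32":
            name = WSOCK32_ORDINALS.get(int(name[1:]), name)
        raw = m.group("args")
        args = [] if not raw else [
            None if a.strip() == "?" else int(a, 16) for a in raw.split(",")
        ]
        calls.append(ApiCall(name, module, args, int(m.group("ref"), 16)))
    return calls


def describe(call):
    """Render a call with symbolic names for the constants we can decode."""
    args = ["?" if a is None else f"0x{a:X}" for a in call.args]
    if call.name == "socket" and len(call.args) == 3 and None not in call.args:
        af, ty, pr = call.args
        args = [AF.get(af, args[0]), SOCK_TYPE.get(ty, args[1]), IPPROTO.get(pr, args[2])]
    elif call.name == "setsockopt" and len(call.args) == 5:
        level, opt = call.args[1], call.args[2]
        if level == SOL_SOCKET:
            args[1] = "SOL_SOCKET"
            args[2] = SO_OPTS.get(opt, args[2])
    return f"{call.module}!{call.name}({', '.join(args)}) @ 0x{call.ref:X}"


def find_patterns(calls):
    """Heuristic flags on call order; both patterns occur in the sample."""
    findings = []
    names = [c.name for c in calls]
    udp = any(c.name == "socket" and c.args[1:] == [2, 17] for c in calls)
    bcast = any(c.name == "setsockopt" and c.args[1:3] == [SOL_SOCKET, 0x20] for c in calls)
    if udp and bcast:
        findings.append("UDP socket with SO_BROADCAST set")

    def after(name, start):
        return next((j for j in range(start, len(names)) if names[j] == name), -1)

    # CreateHardLinkW, then DeleteFileW, then CreateHardLinkW again: the first
    # link attempt failed, the existing path was deleted, and the link retried.
    i = after("CreateHardLinkW", 0)
    j = after("DeleteFileW", i + 1) if i >= 0 else -1
    k = after("CreateHardLinkW", j + 1) if j >= 0 else -1
    if k >= 0:
        findings.append("CreateHardLinkW retried after DeleteFileW")
    return findings


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE_REPORT)
    for c in parsed:
        print(describe(c))
    print(find_patterns(parsed))
```

Run it as a script to see the decoded calls; `socket(2, 2, 17)` becomes `socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)` and `#21(..., 0xFFFF, 0x20, ...)` becomes `setsockopt(..., SOL_SOCKET, SO_BROADCAST, ...)`. The `?` arguments stay unknown: the tracer could not recover them, and the script does not guess.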

APIs
• MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00126D71,00000000,00000000,001282D9,?,001282D9,?,00000001,00126D71,8BE85006,00000001,001282D9,001282D9), ref: 0013D910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0013D999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0013D9AB
• __freea.LIBCMT ref: 0013D9B4
  • Part of subcall function 00133820: RtlAllocateHeap.NTDLL(00000000,?,001D1444,?,0011FDF5,?,?,0010A976,00000010,001D1440,001013FC,?,001013C6,?,00101129), ref: 00133852
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
• Opcode ID: 39098c2510983e1b4dfdee569364055993541d309d54c3ae01040ed55c1412ce
• Instruction ID: 69096a1b7dc099051bf3ac1a63a98719921aba8d9ced74787bfcd493d541be93
• Opcode Fuzzy Hash: 39098c2510983e1b4dfdee569364055993541d309d54c3ae01040ed55c1412ce
• Instruction Fuzzy Hash: B031CD72A0021AABDF25DF64EC41EAF7BA5EB44314F054269FC04D7251EB35DD90CBA0

APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00195352
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00195375
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00195382
                                                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 001953A8
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: bfba6d24fac2b693efdc0092d72cae1df8b8f86ae04659d110310cb228f9aa77
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2c47424c6bb81c0f751ee849b84084dcd33141580b10ee076a3a3f1e12b6ba3d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bfba6d24fac2b693efdc0092d72cae1df8b8f86ae04659d110310cb228f9aa77
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A531B034A56A08FFEF369A54CC55BE83767BB05390F584102FA51A62E1C7B09B80DB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,76C1C0D0,?,00008000), ref: 0016ABF1
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 0016AC0D
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 0016AC74
                                                                                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,76C1C0D0,?,00008000), ref: 0016ACC6
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cdc51dda78ecc9d5480de53704f7ebbe6e1b8e5225faad2033216be3c65b1a3e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b012d97f37b24dbbc90ba2156bb6ef956caa2cd2f7885b456de46ecaaee02e6e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cdc51dda78ecc9d5480de53704f7ebbe6e1b8e5225faad2033216be3c65b1a3e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC314830A003186FFF34CB658C047FE7BB5AF89310F84431AE485A62D0C375D9A19B92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 0019769A
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00197710
                                                                                                                                                                                                                                                                                                                                                            • PtInRect.USER32(?,?,00198B89), ref: 00197720
                                                                                                                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 0019778C
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ed21d5384f0f67d9c7097e2f5fe5b2d984578de85573bf7019a6d59c3109e042
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8b6bbf9f32790d4c6a5fdefd6d9971e5fd790afdb77f107dc7c6d7b61d1d6eb3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ed21d5384f0f67d9c7097e2f5fe5b2d984578de85573bf7019a6d59c3109e042
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D541A034A1A254EFDF09CF98C898EA977F5FF49314F1541A9E4149B2A1C730E981CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 001916EB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00163A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00163A57
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00163A3D: GetCurrentThreadId.KERNEL32 ref: 00163A5E
  • Part of subcall function 00163A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,001625B3), ref: 00163A65
• GetCaretPos.USER32(?), ref: 001916FF
• ClientToScreen.USER32(00000000,?), ref: 0019174C
• GetForegroundWindow.USER32 ref: 00191752
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: 3550c9f42f119e20cd6e1ff1ca8da5604758f5e91d209246977803b4a5fbb243
• Instruction ID: 4513930bfc5f125b5305906aa34389cd706b4282c52f41afa257ee516b52a71f
• Opcode Fuzzy Hash: 3550c9f42f119e20cd6e1ff1ca8da5604758f5e91d209246977803b4a5fbb243
• Instruction Fuzzy Hash: 1C317071E00109AFDB04EFA9C881CAEBBF9EF58304B5080AAE455E7251DB719E45CFA1
APIs
  • Part of subcall function 00107620: _wcslen.LIBCMT ref: 00107625
• _wcslen.LIBCMT ref: 0016DFCB
• _wcslen.LIBCMT ref: 0016DFE2
• _wcslen.LIBCMT ref: 0016E00D
• GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0016E018
Similarity
• API ID: _wcslen$ExtentPoint32Text
• String ID:
• API String ID: 3763101759-0
• Opcode ID: 81077c158b5f6705408c80392710ccf531668eb4699999b23d7a09017c1bf9dd
• Instruction ID: bb0326b3fd70cdb3a187566b6a81cdb5a69fe565d93583390618160bafbfddf0
• Opcode Fuzzy Hash: 81077c158b5f6705408c80392710ccf531668eb4699999b23d7a09017c1bf9dd
• Instruction Fuzzy Hash: C0219475D00214AFCB109FA8ED81BAE77F8EF55750F144065F805BB285D7B09D51CBA1
APIs
  • Part of subcall function 00119BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00119BB2
• GetCursorPos.USER32(?), ref: 00199001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00157711,?,?,?,?,?), ref: 00199016
• GetCursorPos.USER32(?), ref: 0019905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00157711,?,?,?), ref: 00199094
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: ccfe175368edf1f8703545173f83fa5982b136f7f440c925a9c22e2cce260050
• Instruction ID: 33629e47905ed573def112c389292fb85fe9f4df8a383724c012a8aada8f7ee0
• Opcode Fuzzy Hash: ccfe175368edf1f8703545173f83fa5982b136f7f440c925a9c22e2cce260050
• Instruction Fuzzy Hash: BD219F35601018FFDF298F99C858EEA7BB9FB49350F08416AF9154B261C33299A0DBA1
APIs
• GetFileAttributesW.KERNEL32(?,0019CB68), ref: 0016D2FB
• GetLastError.KERNEL32 ref: 0016D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0016D319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0019CB68), ref: 0016D376
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: b13229029de02a376e30532279cc20ac780fd55de554d634d1e5734088250731
• Instruction ID: 1cebcc4741f11beddc5a11a6e0061b3725840276ad165bba4837de3f8057fa8b
• Opcode Fuzzy Hash: b13229029de02a376e30532279cc20ac780fd55de554d634d1e5734088250731
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB216DB0A092019FC710DF28E88186A77E8BF56364F504A1EF499C73E1E7319956CB93
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00161014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0016102A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00161014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00161036
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00161014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00161045
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00161014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0016104C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00161014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00161062
                                                                                                                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 001615BE
                                                                                                                                                                                                                                                                                                                                                            • _memcmp.LIBVCRUNTIME ref: 001615E1
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00161617
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0016161E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1592001646-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6765bfbfae6f195ceefd6596eaa2d4f555945d31418c433c2a83b05f8bbef3d9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6600d6099f3c9faa67d9deca8873d9248571da896048e166da6c199d70fbd462
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6765bfbfae6f195ceefd6596eaa2d4f555945d31418c433c2a83b05f8bbef3d9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA216632E00108FFDB00DFA8CD45BEEB7B8EF44355F088459E441AB241E770AA55CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 0019280A
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00192824
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00192832
                                                                                                                                                                                                                                                                                                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00192840
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 17167952b9c553d5897be1c7264fe7cae8bae1c73ae55f1c9c96e77b7b1e1478
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 731b85add7432908df51c9b24480e55cc58871be6078888ce51f36bd52594b41
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17167952b9c553d5897be1c7264fe7cae8bae1c73ae55f1c9c96e77b7b1e1478
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8221C131208111BFDB14DB24CC44FAA7B95AF55324F158159F4668B6E2CB71FC82CBD0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00168D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0016790A,?,000000FF,?,00168754,00000000,?,0000001C,?,?), ref: 00168D8C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00168D7D: lstrcpyW.KERNEL32(00000000,?,?,0016790A,?,000000FF,?,00168754,00000000,?,0000001C,?,?,00000000), ref: 00168DB2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00168D7D: lstrcmpiW.KERNEL32(00000000,?,0016790A,?,000000FF,?,00168754,00000000,?,0000001C,?,?), ref: 00168DE3
                                                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00168754,00000000,?,0000001C,?,?,00000000), ref: 00167923
                                                                                                                                                                                                                                                                                                                                                            • lstrcpyW.KERNEL32(00000000,?,?,00168754,00000000,?,0000001C,?,?,00000000), ref: 00167949
                                                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,00168754,00000000,?,0000001C,?,?,00000000), ref: 00167984
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                            • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 408d2ceafcf6b27365b2b2a0db797526382d552b2f46bb284228078b2c876dd4
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f18141569049369abde55ed17df1f479ae317a7b9f09065cf2c1184646646a25
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 408d2ceafcf6b27365b2b2a0db797526382d552b2f46bb284228078b2c876dd4
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9211293A200342ABCF156F38CC44D7A77E5FF55368B40402AF842C72A4EB31D861C7A1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00197D0B
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00197D2A
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00197D42
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0017B7AD,00000000), ref: 00197D6B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00119BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00119BB2
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6a229674132fe76546e5d67ec53835b7ea24beb7dfdea155ba453dc331455c64
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 01cb32f8ba51da6c29be9621d50112aeba25ac2f505cb5ebadd277866ffb1e34
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a229674132fe76546e5d67ec53835b7ea24beb7dfdea155ba453dc331455c64
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3811CD71225655AFCF148FA8CC04AA63BA4BF45364F114729F839C72F0D7309D91CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 001956BB
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 001956CD
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 001956D8
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00195816
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 694ff9a09b2d09a37f3e7472c612a0ced41276a796fa5eefe83da0f25bbb30ab
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e719abe63978f9d636e471b516ab00acd8c6b408dd2cc54ab8cfed820f7e7544
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 694ff9a09b2d09a37f3e7472c612a0ced41276a796fa5eefe83da0f25bbb30ab
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2110875A00618AADF21DF61DC85AEE77BDFF11764F104026F915F6181E770CA80CBA0
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2b7cfb79b845832e8b930f5fef9dda8ae5d4c3fdf0dd5d49acea0641cfd6d976
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7b435a65bf24667cd290b87f0f49ea6a1ab9c419722a800e8b61bb3230fba9f5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b7cfb79b845832e8b930f5fef9dda8ae5d4c3fdf0dd5d49acea0641cfd6d976
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B501ADB220AA267EFA212AB87CC4F67675DDF523B8F310326F521A11D2DB708C404160
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00161A47
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00161A59
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00161A6F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00161A8A
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 46237f3df0613300cec18985135546abdd11902cf8dff49b726531344896d567
• Instruction ID: 790bc84d8d8672f7014ab8e56341d927208acc7a3eb2f6f6771361f73128aef7
• Opcode Fuzzy Hash: 46237f3df0613300cec18985135546abdd11902cf8dff49b726531344896d567
• Instruction Fuzzy Hash: 8E11273A901219FFEB10DBA4CD85FADBB79EB08750F240492EA04B7290D7716E50DB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 0016E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 0016E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0016E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0016E24D
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 459ba23da4e72bae445d509e59276ac1c540f8fcf940cd19ccea6fc314d51c73
• Instruction ID: d649cba88d9a1cf75aedba34601560cd6a57f037a0665ae945de91738879748b
• Opcode Fuzzy Hash: 459ba23da4e72bae445d509e59276ac1c540f8fcf940cd19ccea6fc314d51c73
• Instruction Fuzzy Hash: 30110876905214BBC7019BA8EC09A9E7FAEAB45320F00432AF815D3690D3708A5487A0
APIs
• CreateThread.KERNEL32(00000000,?,0012CFF9,00000000,00000004,00000000), ref: 0012D218
• GetLastError.KERNEL32 ref: 0012D224
• __dosmaperr.LIBCMT ref: 0012D22B
• ResumeThread.KERNEL32(00000000), ref: 0012D249
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: 870e7f455ca81e46d68555e63cd4d335efbcb25cbf43fdeccfee14cc9156ca98
• Instruction ID: e276a9928d6c2cb35018310a6eb300ca58a55ee66873cf3c77b216a32b7f5e1a
• Opcode Fuzzy Hash: 870e7f455ca81e46d68555e63cd4d335efbcb25cbf43fdeccfee14cc9156ca98
• Instruction Fuzzy Hash: 0001F536805224FBDB216BA5FC09BAE7A6DEF92330F100229F925921D0CF70C961C6E0
APIs
  • Part of subcall function 00119BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00119BB2
• GetClientRect.USER32(?,?), ref: 00199F31
• GetCursorPos.USER32(?), ref: 00199F3B
• ScreenToClient.USER32(?,?), ref: 00199F46
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00199F7A
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
• Opcode ID: 15bbb0b1ba5bb498d9d95d7ee892bedb81770535edc49d329d412fd42eb120c8
• Instruction ID: 1de5788be5fbee2771bbcd009d5ba265bb72e4f39487e8aa87805c2277e10635
• Opcode Fuzzy Hash: 15bbb0b1ba5bb498d9d95d7ee892bedb81770535edc49d329d412fd42eb120c8
• Instruction Fuzzy Hash: 71111532A0051ABBDF14DFA8D8899EEBBB9FB45311F40055AF952E7150D730BA81CBE1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0010604C
• GetStockObject.GDI32(00000011), ref: 00106060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 0010606A
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: 58f94247d67e045614a7f5be26e8d882e5a31a288d55763a6c7b5e42d1752478
• Instruction ID: 1aa2c102dda6ae10c087fd871ff46262dd2cec31b107665aad83aff63ee4e75a
• Opcode Fuzzy Hash: 58f94247d67e045614a7f5be26e8d882e5a31a288d55763a6c7b5e42d1752478
• Instruction Fuzzy Hash: 1111C072501508BFEF164FA4CC54EEABB69FF083A4F000212FA4452160C776DCA0EBA0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 00123B56
  • Part of subcall function 00123AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00123AD2
  • Part of subcall function 00123AA3: ___AdjustPointer.LIBCMT ref: 00123AED
• _UnwindNestedFrames.LIBCMT ref: 00123B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00123B7C
• CallCatchBlock.LIBVCRUNTIME ref: 00123BA4
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction ID: 7b8cb0c69a442972a7ee65546c169f22d383b47116cb80c316ae30823f82b296
• Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction Fuzzy Hash: F1012932100158BBDF126F95EC42EEB3F6AEF58754F044014FE5896121C736E971EBA0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,001013C6,00000000,00000000,?,0013301A,001013C6,00000000,00000000,00000000,?,0013328B,00000006,FlsSetValue), ref: 001330A5
• GetLastError.KERNEL32(?,0013301A,001013C6,00000000,00000000,00000000,?,0013328B,00000006,FlsSetValue,001A2290,FlsSetValue,00000000,00000364,?,00132E46), ref: 001330B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0013301A,001013C6,00000000,00000000,00000000,?,0013328B,00000006,FlsSetValue,001A2290,FlsSetValue,00000000), ref: 001330BF
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: cb46db8b92b64622f774f49ab2d8ca96c78e3c718414212ec7306879f12cd0dc
• Instruction ID: dfa4515ccc78459e727cc25877418d8bb1cb6fee8f6482b9c4ffdfd62da8629a
• Opcode Fuzzy Hash: cb46db8b92b64622f774f49ab2d8ca96c78e3c718414212ec7306879f12cd0dc
• Instruction Fuzzy Hash: 0C012B32302732ABCB354B78AC84A577B98AF05B71F210621F969E7150C721DA41C6E4
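The API records on this page are the kind of thing an analyst sorts into "runtime or framework boilerplate" versus "the sample's own logic" before opening the disassembler. The arguments carry the meaning: in the LoadLibraryExW record above, 00000800 is LOAD_LIBRARY_SEARCH_SYSTEM32 and the retry with flags 0 after GetLastError is the UCRT/VCRuntime thunk loader's fallback for systems that reject that flag (the FlsSetValue string in the call is the function being resolved); in the CreateWindowExW record, 00000011 is DEFAULT_GUI_FONT and 00000030 is WM_SETFONT; in the GetModuleFileNameW/LoadTypeLibEx record that follows, 00000104 is MAX_PATH and 00000002 is REGKIND_NONE, after which RegisterTypeLib registers machine-wide and RegisterTypeLibForUser is the per-user fallback under HKEY_CURRENT_USER\Software\Classes when that fails. The script below is an added example, not Joe Sandbox, IDA plugin or AutoIt code: it parses call lines in the report's format and matches each record against those patterns as ordered subsequences with argument checks. The rule names, the Call tuple and the shortened sample text are this example's own; the Win32 constants are the documented SDK values.

```python
import re
from collections import namedtuple

# Documented Win32 values that give the record arguments their meaning.
LOAD_LIBRARY_SEARCH_SYSTEM32 = 0x800  # LoadLibraryExW dwFlags
DEFAULT_GUI_FONT = 17                 # GetStockObject index (00000011 in the report)
WM_SETFONT = 0x0030                   # SendMessageW uMsg
REGKIND_NONE = 2                      # LoadTypeLibEx: load without registering
MAX_PATH = 0x104                      # GetModuleFileNameW buffer length

# Constructed sample: the four records on this page, argument lists shortened.
SAMPLE = """\
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0010604C
• GetStockObject.GDI32(00000011), ref: 00106060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 0010606A
Memory Dump Source
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 00123B56
  • Part of subcall function 00123AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00123AD2
• _UnwindNestedFrames.LIBCMT ref: 00123B6B
• CallCatchBlock.LIBVCRUNTIME ref: 00123BA4
Memory Dump Source
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,001013C6,?,0013328B,00000006,FlsSetValue), ref: 001330A5
• GetLastError.KERNEL32(?,0013301A,001013C6), ref: 001330B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0013301A), ref: 001330BF
Memory Dump Source
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0016747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00167497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 001674AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 001674CA
Memory Dump Source
"""

# args: int for hex values, None for '?', str for names the plugin resolved.
Call = namedtuple("Call", "name module args ref")

# One call line: optional bullet, Name.MODULE, optional (args), 'ref: <hex>'.
# 'Part of subcall function ...' lines intentionally do not match.
CALL_RE = re.compile(r"^[•*-]?\s*(?P<name>[A-Za-z_][\w:]*)\.(?P<module>\w+)"
                     r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")

def parse_arg(tok):
    tok = tok.strip()
    if tok == "?":
        return None
    return int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]+", tok) else tok  # names stay strings

def parse_records(text):
    """One list of Calls per 'APIs' ... 'Memory Dump Source' span of the report."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = []
            records.append(current)
        elif line == "Memory Dump Source":
            current = None
        elif current is not None and (m := CALL_RE.match(line)):
            args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] else []
            current.append(Call(m["name"], m["module"], args, int(m["ref"], 16)))
    return records

def arg_is(index, value):
    """Predicate: argument `index` of the call equals `value`."""
    return lambda args: index < len(args) and args[index] == value

# A rule is an ordered list of (API name, optional argument predicate) that the
# record must contain as a subsequence. Rule names are this example's own.
RULES = {
    "ucrt-loadlibrary-fallback": [  # search System32 first, then retry with flags 0
        ("LoadLibraryExW", arg_is(2, LOAD_LIBRARY_SEARCH_SYSTEM32)),
        ("GetLastError", None), ("LoadLibraryExW", arg_is(2, 0))],
    "cxx-exception-dispatch": [
        ("___BuildCatchObject", None), ("_UnwindNestedFrames", None), ("CallCatchBlock", None)],
    "gui-setfont-boilerplate": [  # new control, default GUI font applied via WM_SETFONT
        ("CreateWindowExW", None), ("GetStockObject", arg_is(0, DEFAULT_GUI_FONT)),
        ("SendMessageW", arg_is(1, WM_SETFONT))],
    "typelib-self-registration": [  # own module's type library, per-user fallback
        ("GetModuleFileNameW", arg_is(2, MAX_PATH)), ("LoadTypeLibEx", arg_is(1, REGKIND_NONE)),
        ("RegisterTypeLib", None), ("RegisterTypeLibForUser", None)],
}

def matches(calls, pattern):
    it = iter(calls)  # each pattern step consumes calls until one satisfies it
    for name, pred in pattern:
        for call in it:
            if call.name == name and (pred is None or pred(call.args)):
                break
        else:
            return False
    return True

def triage(text):
    """Per record, the matching rule names; an empty list means review by hand."""
    return [[rule for rule, pat in RULES.items() if matches(rec, pat)]
            for rec in parse_records(text)]
```

`triage(SAMPLE)` labels the four records gui-setfont-boilerplate, cxx-exception-dispatch, ucrt-loadlibrary-fallback and typelib-self-registration; a record that matches nothing comes back as an empty list and is the one worth reading. A match only says that a function is consistent with library code, not that the sample is benign: the verdict at the top of this report rests on other records, and the type-library rule in particular is worth keeping visible, since a non-elevated process that falls through to RegisterTypeLibForUser leaves its registration in the per-user hive.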
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0016747F
                                                                                                                                                                                                                                                                                                                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00167497
                                                                                                                                                                                                                                                                                                                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 001674AC
                                                                                                                                                                                                                                                                                                                                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 001674CA
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0016ACD3,?,00008000), ref: 0016B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0016ACD3,?,00008000), ref: 0016B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0016ACD3,?,00008000), ref: 0016B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0016ACD3,?,00008000), ref: 0016B126
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
APIs
• GetWindowRect.USER32(?,?), ref: 00197E33
• ScreenToClient.USER32(?,?), ref: 00197E4B
• ScreenToClient.USER32(?,?), ref: 00197E6F
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00197E8A
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00162DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00162DD6
• GetCurrentThreadId.KERNEL32 ref: 00162DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00162DE4
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00119639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00119693
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00119639: SelectObject.GDI32(?,00000000), ref: 001196A2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00119639: BeginPath.GDI32(?), ref: 001196B9
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00119639: SelectObject.GDI32(?,00000000), ref: 001196E2
                                                                                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00198887
                                                                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,?,?), ref: 00198894
                                                                                                                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 001988A4
                                                                                                                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 001988B2
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 78f667a4da226eb62d783904b8c15459e1f3be75ca2ef2d3bdba0a7cc4ab4d19
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b627c1807482f9dbc3f5501a31bb3f9521ddc4031fbe40919cc9721807195a22
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78f667a4da226eb62d783904b8c15459e1f3be75ca2ef2d3bdba0a7cc4ab4d19
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BBF05E3A046258FADB126F94AC09FCE3F59AF06310F048002FA51654E1C7755591CFF9
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000008), ref: 001198CC
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 001198D6
                                                                                                                                                                                                                                                                                                                                                            • SetBkMode.GDI32(?,00000001), ref: 001198E9
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000005), ref: 001198F1
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: bdb6071fabd34aa121fa2938c3c15fe945f546115d88d73925986e345e3019a7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6ef9176177d2932904a96372fa8e7d494e8845a07ce81c32663cbc8155e155eb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bdb6071fabd34aa121fa2938c3c15fe945f546115d88d73925986e345e3019a7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D1E06D31244284EBEB215B74BC09BE83F21AB52336F04822AFAFA584E1C77146849B10
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 00161634
                                                                                                                                                                                                                                                                                                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,001611D9), ref: 0016163B
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,001611D9), ref: 00161648
                                                                                                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,001611D9), ref: 0016164F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3974789173-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ead5152f53d5d828843d0a469023241a636e0d284c0cfd12b4307ee9fcec5505
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d7add9d2f5b1a88ccc64ad29f4a2c371b66946f01246c5a61a0a1fe4698e67b2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ead5152f53d5d828843d0a469023241a636e0d284c0cfd12b4307ee9fcec5505
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65E08635601211EBD7201FA09E0DB473B7CAF54791F188809F285C9080D7744480C7A0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0015D858
                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 0015D862
                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0015D882
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?), ref: 0015D8A3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 43b55ed61f4896ac9df6d42c34a5fa1504e95f2d5701609b74604800894c05df
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 95109ba03665337f70bdb9ac134d0774e6f154cb8a68ecec03b3c44302f0f66a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43b55ed61f4896ac9df6d42c34a5fa1504e95f2d5701609b74604800894c05df
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0E01AB5800205DFCF459FA0D80866DBBB1FB08311F15801AF886E7750CB399981AF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0015D86C
                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 0015D876
                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0015D882
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?), ref: 0015D8A3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dfaceb97ad886142b847f699496f6c3a145df5e7d4756869738ee829bc5694db
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 697b0835756c966456f34e6ded16497f8b7c50161279f2753a4e4a4aafeb3cd2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dfaceb97ad886142b847f699496f6c3a145df5e7d4756869738ee829bc5694db
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BE012B5800200EFCF40AFA0D80866DBBB1BB08310F14800AF88AE7750CB389981AF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00107620: _wcslen.LIBCMT ref: 00107625
                                                                                                                                                                                                                                                                                                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00174ED4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c25b6f9ea326a10703cc21a13231bba75157a2b6020d1073aec1d4de95176b17
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1549b8ef46fc9f916cf2ae7b262f344ae80f15f9246752fdd0a51fff36f4d897
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c25b6f9ea326a10703cc21a13231bba75157a2b6020d1073aec1d4de95176b17
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81918175A002049FCB14DF58C484EAABBF1BF48304F19C099E84A9F3A2C775EE85CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 0012E30D
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                                                            • String ID: pow
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0355a3c8b248bfb5d6c725f5c86e750565dca2a05cf4bc2a17ac879125d5d112
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b5a48692d2941ed4fa340ac23b92a0c8530658c1c5169469c2f3b06feaf21f8f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0355a3c8b248bfb5d6c725f5c86e750565dca2a05cf4bc2a17ac879125d5d112
• Instruction Fuzzy Hash: 54516EA1A0C20296CB35B728ED013793BE4FF50751F344D68E4D6826E9EB358CE59A86
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
• Opcode ID: e4346296043881694dc56d33241cad014e6647470b867060f909d4a7f2badd3b
• Instruction ID: 3c12f5396ba85a6467e9f59e779d605cc1743acd2ead84b3d14a8edb4bf2755f
• Instruction Fuzzy Hash: 0551FF31900256DEDB1DDF68C091AFA7BE8EF29311F244065ECA19B2C0D7309E86CB90
APIs
• Sleep.KERNEL32(00000000), ref: 0011F2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 0011F2BB
Strings
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 3a56591bdc7e03bd9f4918dd902f26fd7f71a7f955e4e169c77d41d26a881307
• Instruction ID: dcb565e65b582a1298aaf3bdc3947a6303aeec685b8f06e0d1ebffcdac93555b
• Instruction Fuzzy Hash: BF516671808745ABD320AF14DC86BABBBF8FB94300F81895DF1D9410A5EB709569CBA7
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 001857E0
• _wcslen.LIBCMT ref: 001857EC
Strings
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
• Opcode ID: 46abac1b3bc752347c982a55c44f6539165bff1de87813ae8aa2b78e0eddceef
• Instruction ID: 3d5205eca377a83b049da90d58ed1f2c92d74de39e87047a3e159fb9ccb6e81f
• Instruction Fuzzy Hash: 8C419271E001099FCB14EFA9C8859EEBBB6FF6A314F10406AF505A7291D7709E81CF90
APIs
• _wcslen.LIBCMT ref: 0017D130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0017D13A
Strings
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: 4abec15a165794e4dbdf7992d09e0826e6d299bc2e13e452d3c1d25e97d54bb9
• Instruction ID: a7a23fcb5238010ddb626b41d7c787bfd4422534aed49b269ded5fa6c2cc5d4e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4abec15a165794e4dbdf7992d09e0826e6d299bc2e13e452d3c1d25e97d54bb9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F314F71D00219ABCF15EFA4DC85EEE7FB9FF18300F404059F819A61A2D771AA56CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 00193621
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0019365C
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fbc1359b829b91336fbc7c9f5267da8e076026f83837179e9766d7a46d138686
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ab8825e19a94b6b5abf819f0d5a44fee03cdd2c2c1105237a3b56c815362d8ab
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fbc1359b829b91336fbc7c9f5267da8e076026f83837179e9766d7a46d138686
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A318B71100204AEEB14DF68DC80EFB73A9FF98764F01861AF8A5D7280DB71AD91DB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0019461F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00194634
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: '
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3fd5779b72abb68adc2037f9a380d48b921e625de6a810b6881256a5b3c4f6af
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7496e559ae27d5521f66a689cc1a811ed5a5291d4773e6c744ae0ddbe9e11cc3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3fd5779b72abb68adc2037f9a380d48b921e625de6a810b6881256a5b3c4f6af
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 413107B5A01309AFEF14CFA9C990BDA7BB5FF49300F15416AE905AB351D770A942CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0019327C
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00193287
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 392fd4d2b4418965871c731b525e9eeefc64a0585d9bcc5800b7c1f05c986147
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 29084e06fd27670e84993bb6f8db83c2e6d1d746f34bc82f76a88bac48f81d74
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 392fd4d2b4418965871c731b525e9eeefc64a0585d9bcc5800b7c1f05c986147
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C51190713002087FEF259F94DC80EBB376AEB943A4F104129F92897290D7719D519760
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0010600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0010604C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0010600E: GetStockObject.GDI32(00000011), ref: 00106060
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0010600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0010606A
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 0019377A
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000012), ref: 00193794
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: 9f15aa07a2453e709fa3c862e2309588689d7f8c01f44ad658f7b7ce7100981c
• Instruction ID: 50f2b02cfba0dc48b3a4c2b75e7282d9fb9863ecf133788a63c0d8cf276707b9
• Opcode Fuzzy Hash: 9f15aa07a2453e709fa3c862e2309588689d7f8c01f44ad658f7b7ce7100981c
• Instruction Fuzzy Hash: 02113AB2610209AFDF05DFA8CC45EEA7BB8FB08354F014915F9A5E2250D775E8519B50
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0017CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0017CDA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: 248b845a7e8423e9d1da9e5da80f0db2df75636ce674a5361ffe1fbb31802e32
• Instruction ID: 4ed002d44d58a9c95da09aa4ed63bddabff7b7f15269901c81d1f40e52eca8f9
• Opcode Fuzzy Hash: 248b845a7e8423e9d1da9e5da80f0db2df75636ce674a5361ffe1fbb31802e32
• Instruction Fuzzy Hash: A011A071205631BAD7384AA6CC49EE7BEB8EB227A4F00822EB14D82180D7649940D6F0
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 001934AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 001934BA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: 11021097ab9de5bfa7f1a90c4b1d2e28b451e38c057feb65cd51c7b9fa7cf182
• Instruction ID: f005dafb68bffd64d9c46150ac4883636265076b4df6070f5932325ecbdd5b44
• Opcode Fuzzy Hash: 11021097ab9de5bfa7f1a90c4b1d2e28b451e38c057feb65cd51c7b9fa7cf182
• Instruction Fuzzy Hash: 4C118C71200208AFEF128F64DC44AEB37AAEB15778F524724F975931E0C771EC91AB60
APIs
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
• CharUpperBuffW.USER32(?,?,?), ref: 00166CB6
• _wcslen.LIBCMT ref: 00166CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: 694fad7b046b582d5c45b9baeb9ca8c4473a607f3a9d68d6bb2ead42fb540af6
• Instruction ID: 74dc412986d0617a8647fa3421b2d0aea439deed171e691c46d403b647c6f437
• Opcode Fuzzy Hash: 694fad7b046b582d5c45b9baeb9ca8c4473a607f3a9d68d6bb2ead42fb540af6
• Instruction Fuzzy Hash: C901D232A0092A8BCB20AFFDDC909BF77B5EF71750B510529E8A2972D1EB71D960C650
APIs
  • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
  • Part of subcall function 00163CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00163CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00161D4C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0a1e8b7e46466fae4df048844155dc410448405448fdb900353b0b4ec7568c3c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 728bf0a17b7b7e0836462a936cba3ac50b1ba01703aa10aef16853bd56c2f8c4
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a1e8b7e46466fae4df048844155dc410448405448fdb900353b0b4ec7568c3c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4501D871601228BBCB08EBE4CD55DFE7769EB66350F04091AF872573C2EB70591897A0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00163CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00163CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00161C46
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3b60a7692684793a045165665995a36680304a97c3d3b5b2a03b8e5cfd69be0e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 381ca150f3df733df059be1ce2e64fc829216cb0e1b82708b75a48107e27df4f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b60a7692684793a045165665995a36680304a97c3d3b5b2a03b8e5cfd69be0e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A301A775A8110876DB08EB90CE62EFF77A99B21340F14001AB956672C2EB609F2896B1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00163CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00163CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00161CC8
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 04178a49c2f7fe8a7383ec7dd3d92c73fec5cfeba08e8c2f725a31f0a28a61dd
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1d68294bd079222cc29c7c61e2eef66c476e042f7c21e384ac67b8d51370a1c9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 04178a49c2f7fe8a7383ec7dd3d92c73fec5cfeba08e8c2f725a31f0a28a61dd
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB01D6B2A8011877DB04EBA0CF11EFF77A99B31340F58001AB842772C2EB609F28D671
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00109CB3: _wcslen.LIBCMT ref: 00109CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00163CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00163CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00161DD3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 489b9319c8a1542e7ea9b37af69f3a0efdc2acab9e33b35315fd87cb0276864e
• Instruction ID: 2eb28d3cb30e8570d37ecd19fc56794ba3f332b200e35be8f2b2270c7a4f7b8a
• Opcode Fuzzy Hash: 489b9319c8a1542e7ea9b37af69f3a0efdc2acab9e33b35315fd87cb0276864e
• Instruction Fuzzy Hash: 96F0CD71F4121876D704F7E4CD55FFF777CAB21350F44091AB862672C2DB6059189360
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: 3, 3, 16, 1
• API String ID: 176396367-3042988571
• Opcode ID: 70d69d78da556f69c422362b93a262f580c4ab0f7a086d323eb3c08a8845d4be
• Instruction ID: f238ce0bbb6335a302927c1e9a816d59d4ac7a57aa11d32e7659a257efce6e48
• Opcode Fuzzy Hash: 70d69d78da556f69c422362b93a262f580c4ab0f7a086d323eb3c08a8845d4be
• Instruction Fuzzy Hash: 0BE02B0220423015D23132B9BCC1A7F5689DFE9750734182BF985C22E6EBD4CEE193A0
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00160B23
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: 55dc0ea4e167efc3ef31b04297c308bcf4cc700399dd119315169249e3b36ccc
• Instruction ID: db3944b350afac47256d262f27c2a807da9bf6c2406fd50553a29d316c2a67a7
• Opcode Fuzzy Hash: 55dc0ea4e167efc3ef31b04297c308bcf4cc700399dd119315169249e3b36ccc
• Instruction Fuzzy Hash: 3FE0DF322883183AD61837947C03FC97A848F29B24F10042EFBC8A94C38BE264E006E9
APIs
  • Part of subcall function 0011F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00120D71,?,?,?,0010100A), ref: 0011F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,0010100A), ref: 00120D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0010100A), ref: 00120D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00120D7F
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: dd429cd91434f8512196f4387674019c58dc630e68759c665e642f18e5ffc524
• Instruction ID: 93dbe13e3963d10963d8313ca4e4301f8ab9929e4b1dc3025e543cb0b63d94d9
• Opcode Fuzzy Hash: dd429cd91434f8512196f4387674019c58dc630e68759c665e642f18e5ffc524
• Instruction Fuzzy Hash: 89E06D742013119BD7219FB8E5083427BE0BB18740F004A2EE486C6A52DBB0E4858B91
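The per-function API entries above carry more signal than the headline signatures do. The MessageBoxW call with caption "AutoIt", and the GetTempFileNameW call with prefix "aut" listed in the next entry, are the AutoIt runtime's own code (its out-of-memory dialog and its aut*.tmp scratch files), which supports the "compiled AutoIt script" verdict. The IsDebuggerPresent call, by contrast, sits directly after the critical-section initialisation subcall and is followed by an OutputDebugStringW whose string names ATL's CAtlBaseModule: that is the library's init-failure trace, not anti-debugging written by the sample's author, so it should not count toward the "checks for a debugger" signature on its own. The script below is an added example, not part of the Joe Sandbox report or any Joe Sandbox tooling; it parses report lines of this shape and applies exactly those two rules. The three input blocks are constructed from the entries on this page, and the block labels and rule names are the author's own.

```python
"""Triage the per-function 'APIs' lines of a Joe Sandbox report.

Added example: parses lines of the form
    • Api.MODULE(arg,arg,...), ref: ADDR
(optionally prefixed with 'Part of subcall function ADDR:') and separates
AutoIt-runtime evidence from ATL library boilerplate.
"""
import re

# Constructed input: the API lines of three functions copied from the report,
# keyed by a label of our own for the function block they came from.
SAMPLE_API_LINES = {
    "func_00160B23": [
        "• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00160B23",
    ],
    "func_00120D75": [
        "• Part of subcall function 0011F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00120D71,?,?,?,0010100A), ref: 0011F7CE",
        "• IsDebuggerPresent.KERNEL32(?,?,?,0010100A), ref: 00120D75",
        "• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0010100A), ref: 00120D84",
    ],
    "func_0017302F": [
        "• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0017302F",
        "• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00173044",
    ],
}

# The trace string ATL's CAtlBaseModule constructor emits when its critical
# section cannot be initialised (visible verbatim in the report's Strings).
ATL_INIT_MSG = "ERROR : Unable to initialize critical section in CAtlBaseModule"

API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)


def parse_api_line(line):
    """Split one report line into api, module, argument list and call site."""
    m = API_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised API line: {line!r}")
    return {
        "api": m.group("api"),
        "module": m.group("module"),
        # The report separates arguments with commas; the string arguments in
        # these entries contain no commas, so a plain split is adequate here.
        "args": m.group("args").split(","),
        "ref": m.group("ref"),
        "subcall_of": m.group("sub"),  # None unless it is a subcall line
    }


def triage_function(lines):
    """Return (category, detail) findings for one function's API lines."""
    calls = [parse_api_line(line) for line in lines]
    names = {c["api"] for c in calls}
    findings = []

    for c in calls:
        # AutoIt's out-of-memory dialog: MessageBoxW with caption "AutoIt".
        if c["api"] == "MessageBoxW" and len(c["args"]) >= 3 and c["args"][2] == "AutoIt":
            findings.append(("autoit_runtime", f"MessageBoxW caption 'AutoIt' at {c['ref']}"))
        # AutoIt's scratch files: GetTempFileNameW with prefix "aut" (aut*.tmp in %TEMP%).
        if c["api"] == "GetTempFileNameW" and len(c["args"]) >= 2 and c["args"][1] == "aut":
            findings.append(("autoit_runtime", f"GetTempFileNameW prefix 'aut' at {c['ref']}"))

    if "IsDebuggerPresent" in names:
        # IsDebuggerPresent guarding an OutputDebugStringW of the ATL trace string is
        # the CAtlBaseModule init-failure path, not sample-authored anti-debugging.
        atl_trace = any(
            c["api"] == "OutputDebugStringW" and c["args"] and c["args"][0] == ATL_INIT_MSG
            for c in calls
        )
        if atl_trace:
            findings.append(("library_boilerplate", "IsDebuggerPresent guards the ATL CAtlBaseModule trace"))
        else:
            findings.append(("anti_debug_candidate", "IsDebuggerPresent without the ATL trace string; review manually"))
    return findings


def triage_report(blocks):
    """Triage every function block; returns {label: [(category, detail), ...]}."""
    return {label: triage_function(lines) for label, lines in blocks.items()}


if __name__ == "__main__":
    for label, findings in triage_report(SAMPLE_API_LINES).items():
        for category, detail in findings:
            print(f"{label}: {category}: {detail}")
```

Running it on the three constructed blocks reports the MessageBoxW and GetTempFileNameW functions as AutoIt runtime code and the IsDebuggerPresent function as ATL boilerplate; an IsDebuggerPresent call that is not paired with the ATL string falls through to the manual-review bucket.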
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0017302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00173044
Strings
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                                                                            • String ID: aut
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dda2b8b758790a60caa2c437f04d7d39ebcb776c3929d33169754b0416e7750c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3be1b1c42069a842dea77a15d621a349c0733d852ca7d211921ff9c720ac30e0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dda2b8b758790a60caa2c437f04d7d39ebcb776c3929d33169754b0416e7750c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3D05E7250032877DA20A7A4AC0EFCB7A7CDB04B50F0002A2B695E2091DAB0D984CAE0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                            • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5bebe8c3b00ae35e377a4211d26c89aa31e0e5b71b79269c62f7c634d9ecdcd6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f283c662c095fc85c92e15e831ad063c6e93684e6f289588294be98aff407e97
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bebe8c3b00ae35e377a4211d26c89aa31e0e5b71b79269c62f7c634d9ecdcd6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1CD0127580C148E9CB6897D0EC459FAB37CBB18342F518466FC1695040D764D58CAB62
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0019232C
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0019233F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016E97B: Sleep.KERNEL32 ref: 0016E9F3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b42bb8c2c353fbef61754ffa3b55289ed9c5243c1d0812c521b24cd896d5bcce
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 93dbf006c468a21b3c4d4e57145394e3c4e99e906c6f55edec48e34e134effcc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b42bb8c2c353fbef61754ffa3b55289ed9c5243c1d0812c521b24cd896d5bcce
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7DD012363D4310B7E664B770DC0FFD67A649F10B14F014A177785AA1D4CAF0B851CA94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0019236C
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000), ref: 00192373
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0016E97B: Sleep.KERNEL32 ref: 0016E9F3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_100000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b583ad1e4e61e75babe7f9cb734f8b15aa5a9d2d8a5727e2b92e8a5a7185e598
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6febf8f8a4016e0a6bed2aee3a22485b15f2a007a6172765a211d487e78810f3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b583ad1e4e61e75babe7f9cb734f8b15aa5a9d2d8a5727e2b92e8a5a7185e598
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7D0C9363C13107AE664A7709C0FFC676649B14B14F014A167685AA1D4CAA0B8518A94
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0013BE93
• GetLastError.KERNEL32 ref: 0013BEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0013BEFC
Memory Dump Source
• Source File: 00000000.00000002.1451917989.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000000.00000002.1451861295.0000000000100000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.000000000019C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452238698.00000000001C2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452361153.00000000001CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1452398351.00000000001D4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_100000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0

Execution Graph

Execution Coverage: 0.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 100%
Total number of Nodes: 6
Total number of Limit Nodes: 0
execution_graph
• Node 5005: 2bf82e38532
• Node 5006: 2bf82e38589 NtQuerySystemInformation
• Node 5007: 2bf82e36904
• Edges: 5005->5006, 5005->5007, 5006->5007
• Node 5002: 2bf82e140b7
• Node 5003: 2bf82e140c7 NtQuerySystemInformation
• Node 5004: 2bf82e14064
• Edges: 5002->5003, 5003->5004

Callgraph

APIs
Memory Dump Source
• Source File: 00000012.00000002.2651882462.000002BF82E11000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002BF82E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_2bf82e11000_firefox.jbxd
Similarity
• API ID: InformationQuerySystem
• String ID:
• API String ID: 3562636166-0